7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70

Analysis

max time kernel
96s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Size

5.4MB
MD5

bf704210113e53ad682a4313d177f330
SHA1

bd43704b1aef2eab289a9b9542337e9ebf795820
SHA256

7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70
SHA512

5224dcb8b5b218e3cc066a2920dfc2cf047c80462a969f8618568ee370f8ce0b3708b44201c41963e74b66aa971a286df41b6bc266cd1679f42fd9ab93c07300
SSDEEP

98304:w8eunY8I0YJ4lI+uP5Ag1jkEPxkX4kIKrDzvx47+StXwE9d9SS77S+z5WeSEhmsM:XGZAp6j1jkEu+KHdN

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	Process not Found
File opened for modification	C:\Program Files\dotnet\dotnet.exe	Process not Found
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	Process not Found
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	Process not Found
File opened for modification	C:\Program Files\7-Zip\7z.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	Process not Found

Program crash 64 IoCs

pid	pid_target	Process	procid_target
5864	4052	WerFault.exe	82
6208	4052	WerFault.exe	82
6632	3540	WerFault.exe	83
6808	3540	WerFault.exe	83
6180	3692	WerFault.exe	84
6568	3692	WerFault.exe	84
6540	1004	WerFault.exe	85
8576	5276	WerFault.exe	198
8584	5340	WerFault.exe	202
8560	5424	WerFault.exe	207
8196	5228	WerFault.exe	195
1156	5424	WerFault.exe	207
4500	7956	WerFault.exe	368
4028	5588	WerFault.exe	217
1672	5504	WerFault.exe	212
1340	1004	WerFault.exe	85
8240	6280	WerFault.exe	260
7908	5472	WerFault.exe	210
5460	5472	WerFault.exe	210
8416	7544	WerFault.exe	358
5436	7544	WerFault.exe	358
8440	7528	WerFault.exe	357
6916	7528	WerFault.exe	357
6616	2492	WerFault.exe	458
6384	2492	WerFault.exe	458
9752	5324	WerFault.exe	201
9972	5324	WerFault.exe	201
6484	1824	WerFault.exe	318
9696	4192	WerFault.exe	319
10120	6528	WerFault.exe	321
10260	7112	WerFault.exe	324
3324	3728	WerFault.exe	329
4636	7224	WerFault.exe	338
10496	10136	WerFault.exe	727
8500	3440	WerFault.exe	125
9268	1744	WerFault.exe	109
7436	4928	WerFault.exe	141
1388	5056	WerFault.exe	142
3996	5260	WerFault.exe	197
3548	4380	WerFault.exe	120
7300	5260	WerFault.exe	197
672	4380	WerFault.exe	120
10296	6300	WerFault.exe	261
10396	6300	WerFault.exe	261
4256	5336	WerFault.exe	744
3292	5336	WerFault.exe	744
8436	11208	WerFault.exe	758
3896	3844	WerFault.exe	766
6180	11208	WerFault.exe	758
10460	3844	WerFault.exe	766
1236	5036	Process not Found	964
8452	10252	Process not Found	968
5936	10828	Process not Found	974
10156	5196	Process not Found	973
3364	2064	Process not Found	978
11928	5228	Process not Found	988
12172	11152	Process not Found	995
12196	10252	Process not Found	968
12276	10828	Process not Found	974
9532	5228	Process not Found	988
11404	1640	Process not Found	126
11460	1524	Process not Found	130
11644	4116	Process not Found	129
11776	1524	Process not Found	130

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4052	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
4052	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
3540	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
3540	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
3692	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
3692	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1004	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1004	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1260	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1260	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
32	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
32	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
3696	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
3696	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1440	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1440	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1156	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1156	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
4872	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
4872	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
3552	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
3552	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
4264	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
4264	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1036	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1036	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
5088	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
5088	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1384	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1384	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
2008	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
2008	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
2264	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
2264	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1444	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1444	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
812	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
812	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
748	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
748	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
3240	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
3240	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
4896	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
4896	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
2832	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
2832	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
4076	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
4076	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
232	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
232	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1744	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1744	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
2448	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
2448	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
2020	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
2020	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
4840	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
4840	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1244	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
1244	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
548	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
548	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
3752	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
3752	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 3540	4052	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	83
PID 4052 wrote to memory of 3540	4052	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	83
PID 4052 wrote to memory of 3540	4052	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	83
PID 3540 wrote to memory of 3692	3540	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	84
PID 3540 wrote to memory of 3692	3540	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	84
PID 3540 wrote to memory of 3692	3540	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	84
PID 3692 wrote to memory of 1004	3692	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	85
PID 3692 wrote to memory of 1004	3692	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	85
PID 3692 wrote to memory of 1004	3692	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	85
PID 1004 wrote to memory of 1260	1004	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	86
PID 1004 wrote to memory of 1260	1004	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	86
PID 1004 wrote to memory of 1260	1004	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	86
PID 1260 wrote to memory of 32	1260	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	87
PID 1260 wrote to memory of 32	1260	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	87
PID 1260 wrote to memory of 32	1260	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	87
PID 32 wrote to memory of 3696	32	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	88
PID 32 wrote to memory of 3696	32	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	88
PID 32 wrote to memory of 3696	32	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	88
PID 3696 wrote to memory of 1440	3696	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	89
PID 3696 wrote to memory of 1440	3696	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	89
PID 3696 wrote to memory of 1440	3696	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	89
PID 1440 wrote to memory of 1156	1440	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	90
PID 1440 wrote to memory of 1156	1440	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	90
PID 1440 wrote to memory of 1156	1440	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	90
PID 1156 wrote to memory of 4872	1156	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	91
PID 1156 wrote to memory of 4872	1156	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	91
PID 1156 wrote to memory of 4872	1156	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	91
PID 4872 wrote to memory of 3552	4872	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	92
PID 4872 wrote to memory of 3552	4872	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	92
PID 4872 wrote to memory of 3552	4872	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	92
PID 3552 wrote to memory of 4264	3552	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	93
PID 3552 wrote to memory of 4264	3552	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	93
PID 3552 wrote to memory of 4264	3552	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	93
PID 4264 wrote to memory of 1036	4264	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	94
PID 4264 wrote to memory of 1036	4264	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	94
PID 4264 wrote to memory of 1036	4264	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	94
PID 1036 wrote to memory of 5088	1036	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	95
PID 1036 wrote to memory of 5088	1036	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	95
PID 1036 wrote to memory of 5088	1036	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	95
PID 5088 wrote to memory of 1384	5088	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	96
PID 5088 wrote to memory of 1384	5088	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	96
PID 5088 wrote to memory of 1384	5088	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	96
PID 1384 wrote to memory of 2008	1384	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	97
PID 1384 wrote to memory of 2008	1384	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	97
PID 1384 wrote to memory of 2008	1384	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	97
PID 2008 wrote to memory of 2264	2008	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	99
PID 2008 wrote to memory of 2264	2008	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	99
PID 2008 wrote to memory of 2264	2008	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	99
PID 2264 wrote to memory of 1444	2264	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	100
PID 2264 wrote to memory of 1444	2264	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	100
PID 2264 wrote to memory of 1444	2264	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	100
PID 1444 wrote to memory of 812	1444	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	101
PID 1444 wrote to memory of 812	1444	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	101
PID 1444 wrote to memory of 812	1444	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	101
PID 812 wrote to memory of 748	812	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	103
PID 812 wrote to memory of 748	812	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	103
PID 812 wrote to memory of 748	812	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	103
PID 748 wrote to memory of 3240	748	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	104
PID 748 wrote to memory of 3240	748	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	104
PID 748 wrote to memory of 3240	748	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	104
PID 3240 wrote to memory of 4896	3240	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	105
PID 3240 wrote to memory of 4896	3240	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	105
PID 3240 wrote to memory of 4896	3240	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	105
PID 4896 wrote to memory of 2832	4896	7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe	106

C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
"C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4052
- C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
  "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3540
- - C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
    "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
      "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        9⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        10⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        11⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        12⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        13⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        14⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        15⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        16⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        17⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        18⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        19⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        20⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        21⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        22⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        23⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        24⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        25⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        26⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        27⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        28⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        29⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        30⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        31⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        32⤵
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        33⤵
        System Location Discovery: System Language Discovery
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        34⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        35⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        36⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        38⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        39⤵
        Drops file in Program Files directory
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        40⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        41⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        42⤵
        Drops file in Program Files directory
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        43⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        44⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        45⤵
        Drops file in Program Files directory
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        46⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        47⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        48⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        49⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        50⤵
        Drops file in Program Files directory
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        51⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        52⤵
        Drops file in Program Files directory
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        53⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        54⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        55⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        56⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        57⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        58⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        59⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        60⤵
        Drops file in Program Files directory
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        61⤵
        Drops file in Program Files directory
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        62⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        63⤵
        Drops file in Program Files directory
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        64⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        65⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        66⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        67⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        68⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        69⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        70⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        71⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        72⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        73⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        74⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        75⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        76⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        77⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        79⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        81⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        82⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        83⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        84⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        85⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        86⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        87⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        88⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        89⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        90⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        91⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        92⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        93⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        94⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        95⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        96⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        97⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        98⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        99⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        100⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        101⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        102⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        103⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        104⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        105⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        106⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        107⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        108⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        109⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        110⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        111⤵
        Drops file in Program Files directory
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        112⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        113⤵
        Drops file in Program Files directory
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        114⤵
        System Location Discovery: System Language Discovery
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        115⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        116⤵
        Drops file in Program Files directory
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        117⤵
        Drops file in Program Files directory
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        118⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        119⤵
        System Location Discovery: System Language Discovery
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        120⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        121⤵
        System Location Discovery: System Language Discovery
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        122⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        123⤵
        Drops file in Program Files directory
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        124⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        125⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        126⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        127⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        128⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        129⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        130⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        131⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        132⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        133⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        134⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        135⤵
        Drops file in Program Files directory
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        136⤵
        System Location Discovery: System Language Discovery
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        137⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        138⤵
        Drops file in Program Files directory
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        139⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        140⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        141⤵
        System Location Discovery: System Language Discovery
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        142⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        143⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        144⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        145⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        146⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        147⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        148⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        149⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        150⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        151⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        152⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        153⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        154⤵
        System Location Discovery: System Language Discovery
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        155⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        156⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        157⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        158⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        159⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        160⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        161⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        162⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        163⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        164⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        165⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        166⤵
        System Location Discovery: System Language Discovery
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        167⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        168⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        169⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        170⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        171⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        172⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        173⤵
        System Location Discovery: System Language Discovery
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        174⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        175⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        176⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        177⤵
        Drops file in Program Files directory
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        178⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        179⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        180⤵
        System Location Discovery: System Language Discovery
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        181⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        182⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        183⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        184⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        185⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        186⤵
        Drops file in Program Files directory
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        187⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        188⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        189⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        190⤵
        Drops file in Program Files directory
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        191⤵
        System Location Discovery: System Language Discovery
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        192⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        193⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        194⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        195⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        196⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        197⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        198⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        199⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        200⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        201⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        202⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        203⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        204⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        205⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        206⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        207⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        208⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        209⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        210⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        211⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        212⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        213⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        214⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        215⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        216⤵
        System Location Discovery: System Language Discovery
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        217⤵
        System Location Discovery: System Language Discovery
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        218⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        219⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        220⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        221⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        222⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        223⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        224⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        225⤵
        Drops file in Program Files directory
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        226⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        227⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        228⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        229⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        230⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        231⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        232⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        233⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        234⤵
        Drops file in Program Files directory
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        235⤵
        System Location Discovery: System Language Discovery
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        236⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        237⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        238⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        239⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        240⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        241⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        242⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        243⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        244⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        245⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        246⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        247⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        248⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        249⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        250⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        251⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        252⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        253⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        254⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        255⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        256⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        257⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        258⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        259⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        260⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        261⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        262⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        263⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        264⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        265⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        266⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        267⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        268⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        269⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        270⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        271⤵
        System Location Discovery: System Language Discovery
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        272⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        273⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        274⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        275⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        276⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        277⤵
        System Location Discovery: System Language Discovery
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        278⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        279⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        280⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        281⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        282⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        283⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        284⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        285⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        286⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        287⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        288⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        289⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        290⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        291⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        292⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        293⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        294⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        295⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        296⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        297⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        298⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        299⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        300⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        301⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        302⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        303⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        304⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        305⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        306⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        307⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        308⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        309⤵
        System Location Discovery: System Language Discovery
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        310⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        311⤵
        System Location Discovery: System Language Discovery
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        312⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        313⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        314⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        315⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        316⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        317⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        318⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        319⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        320⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        321⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        322⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        323⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        324⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        325⤵
        System Location Discovery: System Language Discovery
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        326⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        327⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        328⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        329⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        330⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        331⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        332⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        333⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        334⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        335⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        336⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        337⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        338⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        339⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        340⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        341⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        342⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        343⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        344⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        345⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        346⤵
        System Location Discovery: System Language Discovery
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        347⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        348⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        349⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        350⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        351⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        352⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        353⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        354⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        355⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        356⤵
        System Location Discovery: System Language Discovery
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        357⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        358⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        359⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        360⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        361⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        362⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        363⤵
        System Location Discovery: System Language Discovery
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        364⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        365⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        366⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        367⤵
        System Location Discovery: System Language Discovery
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        368⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        369⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        370⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        371⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        372⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        373⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        374⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        375⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        376⤵
        System Location Discovery: System Language Discovery
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        377⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        378⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        379⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        380⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        381⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        382⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        383⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        384⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        385⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        386⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        387⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        388⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        389⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        390⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        391⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        392⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        393⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        394⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        395⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        396⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        397⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        398⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        399⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        400⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        401⤵
        Drops file in Program Files directory
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        402⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        403⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        404⤵
        System Location Discovery: System Language Discovery
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        405⤵
        Drops file in Program Files directory
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        406⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        407⤵
        Drops file in Program Files directory
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        408⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        409⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        410⤵
        Drops file in Program Files directory
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        411⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        412⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        413⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        414⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        415⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        416⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        417⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        418⤵
        Drops file in Program Files directory
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        419⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        420⤵
        System Location Discovery: System Language Discovery
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        421⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        422⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        423⤵
        Drops file in Program Files directory
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        424⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        425⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        426⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        427⤵
        Drops file in Program Files directory
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        428⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        429⤵
        Drops file in Program Files directory
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        430⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        431⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        432⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        433⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        434⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        435⤵
        Drops file in Program Files directory
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        436⤵
        Drops file in Program Files directory
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        437⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        438⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        439⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        440⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        441⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        442⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        443⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        444⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        445⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        446⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        447⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        448⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        449⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        450⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        451⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        452⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        453⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        454⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        455⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        456⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        457⤵
        System Location Discovery: System Language Discovery
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        458⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        459⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        460⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        461⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        462⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        463⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        464⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        465⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        466⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        467⤵
        System Location Discovery: System Language Discovery
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        468⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        469⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        470⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        471⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        472⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        473⤵
        System Location Discovery: System Language Discovery
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        474⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        475⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        476⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        477⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        478⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        479⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        480⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        481⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        482⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        483⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        484⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        485⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        486⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        487⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        488⤵
        System Location Discovery: System Language Discovery
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        489⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        490⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        491⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        492⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        493⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        494⤵
        System Location Discovery: System Language Discovery
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        495⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        496⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        497⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        498⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        499⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        500⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        501⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        502⤵
        Drops file in Program Files directory
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        503⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        504⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        505⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        506⤵
        System Location Discovery: System Language Discovery
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        507⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        508⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        509⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        510⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        511⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        512⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        513⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        514⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        515⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        516⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        517⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        518⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        519⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        520⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        521⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        522⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        523⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        524⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        525⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        526⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        527⤵
        System Location Discovery: System Language Discovery
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        528⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        529⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        530⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        531⤵
        System Location Discovery: System Language Discovery
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        532⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        533⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        534⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        535⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        536⤵
        System Location Discovery: System Language Discovery
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        537⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        538⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        539⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        540⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        541⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        542⤵
        System Location Discovery: System Language Discovery
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        543⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        544⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        545⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        546⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        547⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        548⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        549⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        550⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        551⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        552⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        553⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        554⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        555⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        556⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        557⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        558⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        559⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        560⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        561⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        562⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        563⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        564⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        565⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        566⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        567⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        568⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        569⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        570⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        571⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        572⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        573⤵
        System Location Discovery: System Language Discovery
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        574⤵
        System Location Discovery: System Language Discovery
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        575⤵
        Drops file in Program Files directory
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        576⤵
        System Location Discovery: System Language Discovery
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        577⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        578⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        579⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        580⤵
        Drops file in Program Files directory
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        581⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        582⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        583⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        584⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        585⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        586⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        587⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        588⤵
        System Location Discovery: System Language Discovery
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        589⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        590⤵
        System Location Discovery: System Language Discovery
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        591⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        592⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        593⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        594⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        595⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        596⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        597⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        598⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        599⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        600⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        601⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        602⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        603⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        604⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        605⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        606⤵
        System Location Discovery: System Language Discovery
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        607⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        608⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        609⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        610⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        611⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        612⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        613⤵
        Drops file in Program Files directory
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        614⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        615⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        616⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        617⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        618⤵
        System Location Discovery: System Language Discovery
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        619⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        620⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        621⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        622⤵
        Drops file in Program Files directory
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        623⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        624⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        625⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        626⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        627⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        628⤵
        Drops file in Program Files directory
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        629⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        630⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        631⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        632⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        633⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        634⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        635⤵
        System Location Discovery: System Language Discovery
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        636⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        637⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        638⤵
        Drops file in Program Files directory
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        639⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        640⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        641⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        642⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        643⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        644⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        645⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        646⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        647⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        648⤵
        System Location Discovery: System Language Discovery
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        649⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        650⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        651⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        652⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        653⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        654⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        655⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        656⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        657⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        658⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        659⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        660⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        661⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        662⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        663⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        664⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        665⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        666⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        667⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        668⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        669⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        670⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        671⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        672⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        673⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        674⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        675⤵
        System Location Discovery: System Language Discovery
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        676⤵
        Drops file in Program Files directory
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        677⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        678⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        679⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        680⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        681⤵
        System Location Discovery: System Language Discovery
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        682⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        683⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        684⤵
        Drops file in Program Files directory
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70N.exe"
        685⤵
        Drops file in Program Files directory
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 436
        504⤵
        Program crash
        
        PID:3896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 436
        504⤵
        Program crash
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 436
        503⤵
        Program crash
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 436
        503⤵
        Program crash
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 436
        502⤵
        Program crash
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 436
        502⤵
        Program crash
        
        PID:3292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 400
        496⤵
        Program crash
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 436
        303⤵
        Program crash
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 436
        303⤵
        Program crash
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 440
        270⤵
        Program crash
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 432
        260⤵
        Program crash
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 484
        260⤵
        Program crash
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 432
        259⤵
        Program crash
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 432
        259⤵
        Program crash
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 448
        240⤵
        Program crash
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 432
        231⤵
        Program crash
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 388
        226⤵
        Program crash
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 384
        224⤵
        Program crash
        
        PID:10120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 428
        223⤵
        Program crash
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 372
        222⤵
        Program crash
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 132
        173⤵
        Program crash
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 132
        173⤵
        Program crash
        
        PID:10396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 388
        172⤵
        Program crash
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 448
        134⤵
        Program crash
        
        PID:4028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 392
        129⤵
        Program crash
        
        PID:1672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 456
        127⤵
        Program crash
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 456
        127⤵
        Program crash
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 388
        124⤵
        Program crash
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 388
        124⤵
        Program crash
        
        PID:1156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 440
        119⤵
        Program crash
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 404
        118⤵
        Program crash
        
        PID:9752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 404
        118⤵
        Program crash
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 436
        115⤵
        Program crash
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 444
        114⤵
        Program crash
        
        PID:3996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 464
        114⤵
        Program crash
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 456
        112⤵
        Program crash
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 436
        59⤵
        Program crash
        
        PID:1388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 388
        58⤵
        Program crash
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 476
        42⤵
        Program crash
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 436
        37⤵
        Program crash
        
        PID:3548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 456
        37⤵
        Program crash
        
        PID:672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 476
        27⤵
        Program crash
        
        PID:9268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 440
        5⤵
        Program crash
        
        PID:6540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 440
        5⤵
        Program crash
        
        PID:1340
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 440
      4⤵
      Program crash
      PID:6180
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 440
      4⤵
      Program crash
      PID:6568
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 440
    3⤵
    - Program crash
    PID:6632
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 440
    3⤵
    - Program crash
    PID:6808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 468
  2⤵
  - Program crash
  PID:5864
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 468
  2⤵
  - Program crash
  PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4052 -ip 4052
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4052 -ip 4052
1⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3540 -ip 3540
1⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3540 -ip 3540
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3692 -ip 3692
1⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3692 -ip 3692
1⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1004 -ip 1004
1⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5228 -ip 5228
1⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5276 -ip 5276
1⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5340 -ip 5340
1⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5424 -ip 5424
1⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5244 -ip 5244
1⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5456 -ip 5456
1⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5356 -ip 5356
1⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5392 -ip 5392
1⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5440 -ip 5440
1⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5636 -ip 5636
1⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5568 -ip 5568
1⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5408 -ip 5408
1⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5536 -ip 5536
1⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5520 -ip 5520
1⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5620 -ip 5620
1⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5504 -ip 5504
1⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5684 -ip 5684
1⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5660 -ip 5660
1⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5604 -ip 5604
1⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5588 -ip 5588
1⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5744 -ip 5744
1⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5552 -ip 5552
1⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5244 -ip 5244
1⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5456 -ip 5456
1⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5392 -ip 5392
1⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5356 -ip 5356
1⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5636 -ip 5636
1⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5440 -ip 5440
1⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5568 -ip 5568
1⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5536 -ip 5536
1⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5408 -ip 5408
1⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5520 -ip 5520
1⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5620 -ip 5620
1⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5660 -ip 5660
1⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5684 -ip 5684
1⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 1004 -ip 1004
1⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 8780 -ip 8780
1⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7956 -ip 7956
1⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5604 -ip 5604
1⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5744 -ip 5744
1⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5504 -ip 5504
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5552 -ip 5552
1⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5588 -ip 5588
1⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 7956 -ip 7956
1⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 8780 -ip 8780
1⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5424 -ip 5424
1⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5228 -ip 5228
1⤵
PID:1036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5276 -ip 5276
1⤵
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5340 -ip 5340
1⤵
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6616 -ip 6616
1⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6864 -ip 6864
1⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6792 -ip 6792
1⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 6324 -ip 6324
1⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6744 -ip 6744
1⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6760 -ip 6760
1⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6672 -ip 6672
1⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5292 -ip 5292
1⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6356 -ip 6356
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6728 -ip 6728
1⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6652 -ip 6652
1⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5488 -ip 5488
1⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5372 -ip 5372
1⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6824 -ip 6824
1⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6688 -ip 6688
1⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5308 -ip 5308
1⤵
PID:1032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6392 -ip 6392
1⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6592 -ip 6592
1⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6700 -ip 6700
1⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6280 -ip 6280
1⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6848 -ip 6848
1⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6376 -ip 6376
1⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6616 -ip 6616
1⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6864 -ip 6864
1⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6744 -ip 6744
1⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6760 -ip 6760
1⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6792 -ip 6792
1⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6672 -ip 6672
1⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 6324 -ip 6324
1⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5292 -ip 5292
1⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6356 -ip 6356
1⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 6652 -ip 6652
1⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5488 -ip 5488
1⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6728 -ip 6728
1⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6824 -ip 6824
1⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6688 -ip 6688
1⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5372 -ip 5372
1⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5308 -ip 5308
1⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6392 -ip 6392
1⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6848 -ip 6848
1⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6700 -ip 6700
1⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6592 -ip 6592
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 6280 -ip 6280
1⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6376 -ip 6376
1⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5472 -ip 5472
1⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5472 -ip 5472
1⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 7544 -ip 7544
1⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 7544 -ip 7544
1⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 7528 -ip 7528
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 7528 -ip 7528
1⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 2492 -ip 2492
1⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 2492 -ip 2492
1⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5324 -ip 5324
1⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5324 -ip 5324
1⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 1824 -ip 1824
1⤵
PID:10072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 4192 -ip 4192
1⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6528 -ip 6528
1⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6564 -ip 6564
1⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 7112 -ip 7112
1⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 7124 -ip 7124
1⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1048 -ip 1048
1⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6564 -ip 6564
1⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 7112 -ip 7112
1⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 3580 -ip 3580
1⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 1048 -ip 1048
1⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 9484 -ip 9484
1⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7124 -ip 7124
1⤵
PID:10088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 9548 -ip 9548
1⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 9508 -ip 9508
1⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 7140 -ip 7140
1⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 9608 -ip 9608
1⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 9592 -ip 9592
1⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 9528 -ip 9528
1⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 920 -ip 920
1⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3728 -ip 3728
1⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 9568 -ip 9568
1⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 9484 -ip 9484
1⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 3580 -ip 3580
1⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 9792 -ip 9792
1⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6976 -ip 6976
1⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 9768 -ip 9768
1⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7084 -ip 7084
1⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 9636 -ip 9636
1⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5040 -ip 5040
1⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 9900 -ip 9900
1⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 9548 -ip 9548
1⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 7256 -ip 7256
1⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 9924 -ip 9924
1⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 10232 -ip 10232
1⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6492 -ip 6492
1⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 7224 -ip 7224
1⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 7176 -ip 7176
1⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 7192 -ip 7192
1⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 9732 -ip 9732
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 9964 -ip 9964
1⤵
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7208 -ip 7208
1⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 9824 -ip 9824
1⤵
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 9804 -ip 9804
1⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7240 -ip 7240
1⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 9848 -ip 9848
1⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 9884 -ip 9884
1⤵
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 10000 -ip 10000
1⤵
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6976 -ip 6976
1⤵
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 9868 -ip 9868
1⤵
PID:852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 9528 -ip 9528
1⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 7140 -ip 7140
1⤵
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 9608 -ip 9608
1⤵
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 10136 -ip 10136
1⤵
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 9592 -ip 9592
1⤵
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4192 -ip 4192
1⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 9568 -ip 9568
1⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 9636 -ip 9636
1⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 9792 -ip 9792
1⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 9768 -ip 9768
1⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 7256 -ip 7256
1⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 7084 -ip 7084
1⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 10232 -ip 10232
1⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 7192 -ip 7192
1⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5040 -ip 5040
1⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 920 -ip 920
1⤵
PID:2848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 9732 -ip 9732
1⤵
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 9964 -ip 9964
1⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 6528 -ip 6528
1⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 9824 -ip 9824
1⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6492 -ip 6492
1⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 7208 -ip 7208
1⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 7240 -ip 7240
1⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 9508 -ip 9508
1⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 9804 -ip 9804
1⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 10000 -ip 10000
1⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 9900 -ip 9900
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 9848 -ip 9848
1⤵
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 9924 -ip 9924
1⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 1824 -ip 1824
1⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 9868 -ip 9868
1⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1744 -ip 1744
1⤵
PID:9776

C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv myj/V95wBkWZ6XTJ+6zBSQ.0.1
1⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 9884 -ip 9884
1⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2448 -ip 2448
1⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 7176 -ip 7176
1⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2020 -ip 2020
1⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 2380 -ip 2380
1⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4840 -ip 4840
1⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 1624 -ip 1624
1⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1244 -ip 1244
1⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 3440 -ip 3440
1⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 2076 -ip 2076
1⤵
PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3084 -ip 3084
1⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 548 -ip 548
1⤵
PID:2708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3088 -ip 3088
1⤵
PID:1396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3116 -ip 3116
1⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3620 -ip 3620
1⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 3752 -ip 3752
1⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 4280 -ip 4280
1⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 2700 -ip 2700
1⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4488 -ip 4488
1⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 1800 -ip 1800
1⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2316 -ip 2316
1⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 1360 -ip 1360
1⤵
PID:1288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1804 -ip 1804
1⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 3648 -ip 3648
1⤵
PID:2736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 4720 -ip 4720
1⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 1216 -ip 1216
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3952 -ip 3952
1⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3452 -ip 3452
1⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 1464 -ip 1464
1⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4652 -ip 4652
1⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 4216 -ip 4216
1⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 4480 -ip 4480
1⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3444 -ip 3444
1⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 3248 -ip 3248
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4928 -ip 4928
1⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 3344 -ip 3344
1⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 4120 -ip 4120
1⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 924 -ip 924
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5056 -ip 5056
1⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2152 -ip 2152
1⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2464 -ip 2464
1⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 2448 -ip 2448
1⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 1744 -ip 1744
1⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2020 -ip 2020
1⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2380 -ip 2380
1⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 4840 -ip 4840
1⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3440 -ip 3440
1⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 1244 -ip 1244
1⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 1624 -ip 1624
1⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 2076 -ip 2076
1⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 548 -ip 548
1⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 3084 -ip 3084
1⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3116 -ip 3116
1⤵
PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3088 -ip 3088
1⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 3752 -ip 3752
1⤵
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 3620 -ip 3620
1⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4280 -ip 4280
1⤵
PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 4488 -ip 4488
1⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 2700 -ip 2700
1⤵
PID:1468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1800 -ip 1800
1⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 2316 -ip 2316
1⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 1360 -ip 1360
1⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 1804 -ip 1804
1⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3648 -ip 3648
1⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 1216 -ip 1216
1⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 4720 -ip 4720
1⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 3952 -ip 3952
1⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3452 -ip 3452
1⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 1464 -ip 1464
1⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 4216 -ip 4216
1⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4652 -ip 4652
1⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 4480 -ip 4480
1⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 3444 -ip 3444
1⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 3248 -ip 3248
1⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 4928 -ip 4928
1⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 3344 -ip 3344
1⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4120 -ip 4120
1⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5056 -ip 5056
1⤵
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 2464 -ip 2464
1⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 924 -ip 924
1⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 2152 -ip 2152
1⤵
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 3728 -ip 3728
1⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 7224 -ip 7224
1⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 10136 -ip 10136
1⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5260 -ip 5260
1⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 4380 -ip 4380
1⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5260 -ip 5260
1⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4380 -ip 4380
1⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 6300 -ip 6300
1⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6300 -ip 6300
1⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5336 -ip 5336
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5336 -ip 5336
1⤵
PID:1616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 11208 -ip 11208
1⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 3844 -ip 3844
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 11208 -ip 11208
1⤵
PID:628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3844 -ip 3844
1⤵
PID:11100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zG.exe

Filesize
1.3MB

MD5
eb1fa794a2c299f3846bef65f9b520a9

SHA1
049169b7871af6be93e583ade22a77c098f4f280

SHA256
762cfce31d294d235f2ec109a660167c74781147025c11919ab9b58e063c4eb0

SHA512
1f36389d8a2f42f7690c20ad2c173b41c3763876f80ab0c27e145db8e3dc8e8aae88911fe0850371a21bbd872eb81c1aa890936208f5cd0242b86cab16c8431c

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
633KB

MD5
03fb0e443428e0ecd9d872d7ae6a89b1

SHA1
419ea02ebb9c5f96eed175e9d1e1c583d449dcfb

SHA256
e8a52653973def3cdb6620242abe4df8caca7149ca42e9c6d8849c892392e140

SHA512
75d86c65c8d4369d13ed5985eadc3a9e10e42b83810f0900e8fc1179605bb6cdab3345c8ebdd2fef8ea9e06108cd2d5f90f15eb0359e5527111fdf3ac84b186e

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.8MB

MD5
ae1ae3067d931d9ded6603f06f55bac4

SHA1
47861a04ce57f12bc5f132ad1d9eb946213fccfa

SHA256
3b4d454bd4f3902d1a76f4769cbdfe65db3212fdf25cef8e0ca13c104880788e

SHA512
7e79a8878e7026cf9772c2a4b66565219eb8e7ff95fc0b8cdda13e663f0758a5e76bb220b3ac05875f86a80e570d91cc7058ad3bbe45b2d6fbb75720b50673a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXA472.tmp

Filesize
1.5MB

MD5
17d0153221b206034ac6b4a19f7e8652

SHA1
38d663acf5f9204e773702e159d8cbc7057e4348

SHA256
a1221a20cad6cf361a37c0df3debd280ed751e1113a52e96cc43326d45acbc3a

SHA512
d51658866c0877da1a4477aed3ec48a5d61cd958230f59de874cd28667e527f3fd783614af908d0d4c0b44dd1680171b67cc7265a0b79a58ead84b8bce5fdd40

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXF1A5.tmp

Filesize
5.1MB

MD5
bc67d2857752bb83b042bdd77eb3b841

SHA1
7439175ab26fbd414c8aa6ce79251a06ff95b604

SHA256
cf3a6eea6e37cdd1509fe59307c4626626b1bc8d2cb62c7adbdb9c220dfcfcd6

SHA512
8cd6ffea601c9327fac0788e9d3f7845ddc08fa669bd4c71981a4ee803fe78d6ca6ff3c0ad5d317830a1805163c71b65535b596f5051db2af28deea6c47cc083

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUc9897.tmp

Filesize
5.4MB

MD5
bf704210113e53ad682a4313d177f330

SHA1
bd43704b1aef2eab289a9b9542337e9ebf795820

SHA256
7f82a6d845b056fb30261e4685ac331371265a26d9849ed6048c7fbb4e5bee70

SHA512
5224dcb8b5b218e3cc066a2920dfc2cf047c80462a969f8618568ee370f8ce0b3708b44201c41963e74b66aa971a286df41b6bc266cd1679f42fd9ab93c07300

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUc9E16.tmp

Filesize
5.1MB

MD5
3ffe9550b0a400557e44d256c79dbd43

SHA1
3a45f01439e8da7fd6c610e8250e9ebe0aee6290

SHA256
0fc3066e2550902442ea93f559fe7282ed66cd7aad02ea05fab89390a26b9fac

SHA512
e5ca2990a7edb68cd281db4b93d96c5009d5319bbd422e0966a2bd19e3042e73cca4747b871729265d58d762b5ce9893f9fff42a275d03b1c818761a092cabca

Download Submit
C:\Users\Admin\AppData\Local\Temp\pUcA1DE.tmp

Filesize
604KB

MD5
965d22cf2a5379f6cdb2db384b8b81a2

SHA1
2096249c54b825f0f897530165403efae31237a6

SHA256
a18141a31bac3735356fa6dde599d6127a16e63db4da8621c10b9cf53a1702d7

SHA512
7d44bb01d64bfe82a05ba9e18d8d24f8f72301c686d354c4f2711e8fb9af95373e5cb7d5d0885321e3a867199a5d179b73f075b9797aceed195869c7106ab1ad

Download Submit
memory/32-225-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/232-768-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/548-782-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/748-763-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/812-229-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/924-830-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1004-776-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1036-219-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1156-226-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1244-781-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1260-199-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1384-221-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1440-227-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1444-228-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1464-807-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1524-821-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1624-790-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1640-800-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1744-777-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/1816-798-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/2008-218-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/2020-779-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/2076-793-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/2100-822-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/2264-216-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/2380-788-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/2448-778-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/2700-792-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/2832-766-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/3084-826-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/3088-801-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/3116-828-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/3240-764-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/3440-799-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/3452-827-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/3540-135-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/3552-222-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/3620-824-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/3692-172-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/3696-224-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/3752-783-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/3952-825-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/4052-94-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/4076-767-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/4116-808-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/4120-831-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/4216-829-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/4264-217-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/4280-794-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/4380-791-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/4488-787-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/4652-823-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/4840-780-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/4872-223-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/4896-765-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/5088-220-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/5392-832-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/6880-769-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/6900-770-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/6920-771-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/6932-772-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/6952-773-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/6968-774-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download
memory/6988-775-0x0000000000400000-0x000000000096D000-memory.dmp

Filesize
5.4MB

Download