0a4fd3c2a316e67d5ef7cfef9e3d9687939351264fe621f7d1e33015f1fa290a

Analysis

max time kernel
150s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 14:42 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-10-14_c02cb81b9e57ef000e59f7a1fe759807_mafia.exe
Size

520KB
MD5

c02cb81b9e57ef000e59f7a1fe759807
SHA1

0c329eda1642544888b5730e12b8534cff68fe78
SHA256

0a4fd3c2a316e67d5ef7cfef9e3d9687939351264fe621f7d1e33015f1fa290a
SHA512

8492145dc362f8bd24320f3d53562139c45a62060f2f2fab892b1e064ffd4dc965be0947c237a6e3057b4673d9f2b0c66997b1ee65cfe0109a6a6ec2ec83c432
SSDEEP

12288:roRXOQjmOypsO0XMaiygl2HZZjwxZIyBNOQANZE:rogQ9ypsf/SOZZjwxZVMPN6

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3316	A6A0.tmp
3032	A72D.tmp
1192	A79A.tmp
2368	A817.tmp
4124	A8B3.tmp
2768	A950.tmp
2620	A9BD.tmp
3460	AA2A.tmp
1632	AAB7.tmp
4288	AB53.tmp
3520	ABC1.tmp
3852	AC2E.tmp
2936	AC9B.tmp
5092	AD38.tmp
1604	ADB5.tmp
2168	AE22.tmp
5000	AEAF.tmp
4692	AF1C.tmp
3640	AF89.tmp
3576	AFD7.tmp
3972	B045.tmp
1972	B0B2.tmp
2328	B12F.tmp
2456	B1DB.tmp
1892	B277.tmp
700	B304.tmp
1588	B371.tmp
408	B3FE.tmp
4676	B48B.tmp
1656	B517.tmp
3988	B575.tmp
4848	B602.tmp
3968	B66F.tmp
716	B6BD.tmp
792	B70B.tmp
3800	B759.tmp
1120	B7A7.tmp
4224	B805.tmp
2200	B853.tmp
2148	B8B1.tmp
1924	B8FF.tmp
372	B94D.tmp
2892	B9AB.tmp
4348	B9F9.tmp
5076	BA47.tmp
968	BAF3.tmp
216	BB61.tmp
1056	BBBE.tmp
1532	BC2C.tmp
2840	BC7A.tmp
2640	BCE7.tmp
1784	BD45.tmp
2376	BD93.tmp
2368	BE00.tmp
2656	BE5E.tmp
3088	BEBC.tmp
4528	BF29.tmp
1920	BF77.tmp
3508	BFD5.tmp
3156	C023.tmp
4924	C081.tmp
4372	C0DF.tmp
2360	C12D.tmp
3520	C17B.tmp

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	A9BD.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CC05.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2630.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6D4B.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	E9BF.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DDDD.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	F3D6.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2BBE.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9381.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5F42.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8383.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	C985.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	E7EA.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AC2E.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DB6C.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1085.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	26DC.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	E1.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	601.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	D263.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	D3BB.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	30B0.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BA71.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9035.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	961.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6230.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	87B9.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8F79.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4A9.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	14C6.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	E3A9.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EB69.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	35E0.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FAF5.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	F7B9.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	C3FC.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	17F8.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BDFC.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	F6BF.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DE3A.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	67FC.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	823B.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	84EA.tmp

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 3316	216	2024-10-14_c02cb81b9e57ef000e59f7a1fe759807_mafia.exe	85
PID 216 wrote to memory of 3316	216	2024-10-14_c02cb81b9e57ef000e59f7a1fe759807_mafia.exe	85
PID 216 wrote to memory of 3316	216	2024-10-14_c02cb81b9e57ef000e59f7a1fe759807_mafia.exe	85
PID 3316 wrote to memory of 3032	3316	A6A0.tmp	87
PID 3316 wrote to memory of 3032	3316	A6A0.tmp	87
PID 3316 wrote to memory of 3032	3316	A6A0.tmp	87
PID 3032 wrote to memory of 1192	3032	A72D.tmp	88
PID 3032 wrote to memory of 1192	3032	A72D.tmp	88
PID 3032 wrote to memory of 1192	3032	A72D.tmp	88
PID 1192 wrote to memory of 2368	1192	A79A.tmp	89
PID 1192 wrote to memory of 2368	1192	A79A.tmp	89
PID 1192 wrote to memory of 2368	1192	A79A.tmp	89
PID 2368 wrote to memory of 4124	2368	A817.tmp	90
PID 2368 wrote to memory of 4124	2368	A817.tmp	90
PID 2368 wrote to memory of 4124	2368	A817.tmp	90
PID 4124 wrote to memory of 2768	4124	A8B3.tmp	91
PID 4124 wrote to memory of 2768	4124	A8B3.tmp	91
PID 4124 wrote to memory of 2768	4124	A8B3.tmp	91
PID 2768 wrote to memory of 2620	2768	A950.tmp	92
PID 2768 wrote to memory of 2620	2768	A950.tmp	92
PID 2768 wrote to memory of 2620	2768	A950.tmp	92
PID 2620 wrote to memory of 3460	2620	A9BD.tmp	93
PID 2620 wrote to memory of 3460	2620	A9BD.tmp	93
PID 2620 wrote to memory of 3460	2620	A9BD.tmp	93
PID 3460 wrote to memory of 1632	3460	AA2A.tmp	94
PID 3460 wrote to memory of 1632	3460	AA2A.tmp	94
PID 3460 wrote to memory of 1632	3460	AA2A.tmp	94
PID 1632 wrote to memory of 4288	1632	AAB7.tmp	95
PID 1632 wrote to memory of 4288	1632	AAB7.tmp	95
PID 1632 wrote to memory of 4288	1632	AAB7.tmp	95
PID 4288 wrote to memory of 3520	4288	AB53.tmp	96
PID 4288 wrote to memory of 3520	4288	AB53.tmp	96
PID 4288 wrote to memory of 3520	4288	AB53.tmp	96
PID 3520 wrote to memory of 3852	3520	ABC1.tmp	97
PID 3520 wrote to memory of 3852	3520	ABC1.tmp	97
PID 3520 wrote to memory of 3852	3520	ABC1.tmp	97
PID 3852 wrote to memory of 2936	3852	AC2E.tmp	98
PID 3852 wrote to memory of 2936	3852	AC2E.tmp	98
PID 3852 wrote to memory of 2936	3852	AC2E.tmp	98
PID 2936 wrote to memory of 5092	2936	AC9B.tmp	99
PID 2936 wrote to memory of 5092	2936	AC9B.tmp	99
PID 2936 wrote to memory of 5092	2936	AC9B.tmp	99
PID 5092 wrote to memory of 1604	5092	AD38.tmp	100
PID 5092 wrote to memory of 1604	5092	AD38.tmp	100
PID 5092 wrote to memory of 1604	5092	AD38.tmp	100
PID 1604 wrote to memory of 2168	1604	ADB5.tmp	101
PID 1604 wrote to memory of 2168	1604	ADB5.tmp	101
PID 1604 wrote to memory of 2168	1604	ADB5.tmp	101
PID 2168 wrote to memory of 5000	2168	AE22.tmp	102
PID 2168 wrote to memory of 5000	2168	AE22.tmp	102
PID 2168 wrote to memory of 5000	2168	AE22.tmp	102
PID 5000 wrote to memory of 4692	5000	AEAF.tmp	103
PID 5000 wrote to memory of 4692	5000	AEAF.tmp	103
PID 5000 wrote to memory of 4692	5000	AEAF.tmp	103
PID 4692 wrote to memory of 3640	4692	AF1C.tmp	104
PID 4692 wrote to memory of 3640	4692	AF1C.tmp	104
PID 4692 wrote to memory of 3640	4692	AF1C.tmp	104
PID 3640 wrote to memory of 3576	3640	AF89.tmp	105
PID 3640 wrote to memory of 3576	3640	AF89.tmp	105
PID 3640 wrote to memory of 3576	3640	AF89.tmp	105
PID 3576 wrote to memory of 3972	3576	AFD7.tmp	106
PID 3576 wrote to memory of 3972	3576	AFD7.tmp	106
PID 3576 wrote to memory of 3972	3576	AFD7.tmp	106
PID 3972 wrote to memory of 1972	3972	B045.tmp	107

C:\Users\Admin\AppData\Local\Temp\2024-10-14_c02cb81b9e57ef000e59f7a1fe759807_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-14_c02cb81b9e57ef000e59f7a1fe759807_mafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:216
- C:\Users\Admin\AppData\Local\Temp\A6A0.tmp
  "C:\Users\Admin\AppData\Local\Temp\A6A0.tmp"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3316
- - C:\Users\Admin\AppData\Local\Temp\A72D.tmp
    "C:\Users\Admin\AppData\Local\Temp\A72D.tmp"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\A79A.tmp
      "C:\Users\Admin\AppData\Local\Temp\A79A.tmp"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\A817.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A817.tmp"
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\A8B3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A8B3.tmp"
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\A950.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A950.tmp"
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\A9BD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A9BD.tmp"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\AA2A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AA2A.tmp"
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\AAB7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AAB7.tmp"
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\AB53.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AB53.tmp"
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\ABC1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\ABC1.tmp"
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\AC2E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AC2E.tmp"
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\AC9B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AC9B.tmp"
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\AD38.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AD38.tmp"
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\ADB5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\ADB5.tmp"
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\AE22.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AE22.tmp"
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\AEAF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AEAF.tmp"
        18⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\AF1C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AF1C.tmp"
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\AF89.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AF89.tmp"
        20⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\AFD7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AFD7.tmp"
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\B045.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B045.tmp"
        22⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\B0B2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B0B2.tmp"
        23⤵
        Executes dropped EXE
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\B12F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B12F.tmp"
        24⤵
        Executes dropped EXE
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\B1DB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B1DB.tmp"
        25⤵
        Executes dropped EXE
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\B277.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B277.tmp"
        26⤵
        Executes dropped EXE
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\B304.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B304.tmp"
        27⤵
        Executes dropped EXE
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\B371.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B371.tmp"
        28⤵
        Executes dropped EXE
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\B3FE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B3FE.tmp"
        29⤵
        Executes dropped EXE
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\B48B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B48B.tmp"
        30⤵
        Executes dropped EXE
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\B517.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B517.tmp"
        31⤵
        Executes dropped EXE
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\B575.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B575.tmp"
        32⤵
        Executes dropped EXE
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\B602.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B602.tmp"
        33⤵
        Executes dropped EXE
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\B66F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B66F.tmp"
        34⤵
        Executes dropped EXE
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\B6BD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B6BD.tmp"
        35⤵
        Executes dropped EXE
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\B70B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B70B.tmp"
        36⤵
        Executes dropped EXE
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\B759.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B759.tmp"
        37⤵
        Executes dropped EXE
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\B7A7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B7A7.tmp"
        38⤵
        Executes dropped EXE
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\B805.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B805.tmp"
        39⤵
        Executes dropped EXE
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\B853.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B853.tmp"
        40⤵
        Executes dropped EXE
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\B8B1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B8B1.tmp"
        41⤵
        Executes dropped EXE
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\B8FF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B8FF.tmp"
        42⤵
        Executes dropped EXE
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\B94D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B94D.tmp"
        43⤵
        Executes dropped EXE
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\B9AB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B9AB.tmp"
        44⤵
        Executes dropped EXE
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\B9F9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B9F9.tmp"
        45⤵
        Executes dropped EXE
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\BA47.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BA47.tmp"
        46⤵
        Executes dropped EXE
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\BAA5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BAA5.tmp"
        47⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\BAF3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BAF3.tmp"
        48⤵
        Executes dropped EXE
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\BB61.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BB61.tmp"
        49⤵
        Executes dropped EXE
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\BBBE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BBBE.tmp"
        50⤵
        Executes dropped EXE
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\BC2C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BC2C.tmp"
        51⤵
        Executes dropped EXE
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\BC7A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BC7A.tmp"
        52⤵
        Executes dropped EXE
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\BCE7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BCE7.tmp"
        53⤵
        Executes dropped EXE
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\BD45.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BD45.tmp"
        54⤵
        Executes dropped EXE
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\BD93.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BD93.tmp"
        55⤵
        Executes dropped EXE
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\BE00.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BE00.tmp"
        56⤵
        Executes dropped EXE
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\BE5E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BE5E.tmp"
        57⤵
        Executes dropped EXE
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\BEBC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BEBC.tmp"
        58⤵
        Executes dropped EXE
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\BF29.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BF29.tmp"
        59⤵
        Executes dropped EXE
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\BF77.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BF77.tmp"
        60⤵
        Executes dropped EXE
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\BFD5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BFD5.tmp"
        61⤵
        Executes dropped EXE
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\C023.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C023.tmp"
        62⤵
        Executes dropped EXE
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\C081.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C081.tmp"
        63⤵
        Executes dropped EXE
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\C0DF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C0DF.tmp"
        64⤵
        Executes dropped EXE
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\C12D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C12D.tmp"
        65⤵
        Executes dropped EXE
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\C17B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C17B.tmp"
        66⤵
        Executes dropped EXE
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\C1D9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C1D9.tmp"
        67⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\C237.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C237.tmp"
        68⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\C285.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C285.tmp"
        69⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\C2E2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C2E2.tmp"
        70⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\C340.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C340.tmp"
        71⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\C39E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C39E.tmp"
        72⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\C3FC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C3FC.tmp"
        73⤵
        System Location Discovery: System Language Discovery
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\C44A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C44A.tmp"
        74⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\C4A8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C4A8.tmp"
        75⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\C505.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C505.tmp"
        76⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\C563.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C563.tmp"
        77⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\C5B1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C5B1.tmp"
        78⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\C5FF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C5FF.tmp"
        79⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\C65D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C65D.tmp"
        80⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\C6CA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C6CA.tmp"
        81⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\C738.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C738.tmp"
        82⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\C796.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C796.tmp"
        83⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\C7E4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C7E4.tmp"
        84⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\C832.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C832.tmp"
        85⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\C890.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C890.tmp"
        86⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\C8FD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C8FD.tmp"
        87⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\C95B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C95B.tmp"
        88⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\C9C8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C9C8.tmp"
        89⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\CA26.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CA26.tmp"
        90⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\CA93.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CA93.tmp"
        91⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\CAE1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CAE1.tmp"
        92⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\CB2F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CB2F.tmp"
        93⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\CB8D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CB8D.tmp"
        94⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\CBFB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CBFB.tmp"
        95⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\CC58.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CC58.tmp"
        96⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\CCC6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CCC6.tmp"
        97⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\CD33.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CD33.tmp"
        98⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\CD91.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CD91.tmp"
        99⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\CDDF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CDDF.tmp"
        100⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\CE3D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CE3D.tmp"
        101⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\CE9A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CE9A.tmp"
        102⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\CEF8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CEF8.tmp"
        103⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\CF56.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CF56.tmp"
        104⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\CFB4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CFB4.tmp"
        105⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\D021.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D021.tmp"
        106⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\D07F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D07F.tmp"
        107⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\D0DD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D0DD.tmp"
        108⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\D13A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D13A.tmp"
        109⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\D1A8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D1A8.tmp"
        110⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\D205.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D205.tmp"
        111⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\D263.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D263.tmp"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\D2B1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D2B1.tmp"
        113⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\D30F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D30F.tmp"
        114⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\D36D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D36D.tmp"
        115⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\D3BB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D3BB.tmp"
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\D419.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D419.tmp"
        117⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\D476.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D476.tmp"
        118⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\D4D4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D4D4.tmp"
        119⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\D532.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D532.tmp"
        120⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\D590.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D590.tmp"
        121⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\D5FD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D5FD.tmp"
        122⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\D66A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D66A.tmp"
        123⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\D6C8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D6C8.tmp"
        124⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\D726.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D726.tmp"
        125⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\D793.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D793.tmp"
        126⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\D7E1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D7E1.tmp"
        127⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\D830.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D830.tmp"
        128⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\D88D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D88D.tmp"
        129⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\D8FB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D8FB.tmp"
        130⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\D958.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D958.tmp"
        131⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\D9A7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D9A7.tmp"
        132⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\DA04.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DA04.tmp"
        133⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\DA52.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DA52.tmp"
        134⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\DAC0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DAC0.tmp"
        135⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\DB0E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DB0E.tmp"
        136⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\DB6C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DB6C.tmp"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\DBBA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DBBA.tmp"
        138⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\DC08.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DC08.tmp"
        139⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\DC56.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DC56.tmp"
        140⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\DCD3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DCD3.tmp"
        141⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\DD31.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DD31.tmp"
        142⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\DD8F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DD8F.tmp"
        143⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\DDDD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DDDD.tmp"
        144⤵
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\DE3A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DE3A.tmp"
        145⤵
        System Location Discovery: System Language Discovery
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\DEA8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DEA8.tmp"
        146⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\DF06.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DF06.tmp"
        147⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\DF73.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DF73.tmp"
        148⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\DFC1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DFC1.tmp"
        149⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\E02E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E02E.tmp"
        150⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\E08C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E08C.tmp"
        151⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\E0DA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E0DA.tmp"
        152⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\E138.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E138.tmp"
        153⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\E186.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E186.tmp"
        154⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\E1D4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E1D4.tmp"
        155⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\E222.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E222.tmp"
        156⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\E290.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E290.tmp"
        157⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\E2EE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E2EE.tmp"
        158⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\E34B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E34B.tmp"
        159⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\E3A9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E3A9.tmp"
        160⤵
        System Location Discovery: System Language Discovery
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\E407.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E407.tmp"
        161⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\E465.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E465.tmp"
        162⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\E4C2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E4C2.tmp"
        163⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\E520.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E520.tmp"
        164⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\E57E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E57E.tmp"
        165⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\E5DC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E5DC.tmp"
        166⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\E62A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E62A.tmp"
        167⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\E678.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E678.tmp"
        168⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\E6E5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E6E5.tmp"
        169⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\E743.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E743.tmp"
        170⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\E791.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E791.tmp"
        171⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\E7EF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E7EF.tmp"
        172⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\E84D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E84D.tmp"
        173⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\E8BA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E8BA.tmp"
        174⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\E908.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E908.tmp"
        175⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\E966.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E966.tmp"
        176⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\E9B4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E9B4.tmp"
        177⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\EA12.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EA12.tmp"
        178⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\EA6F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EA6F.tmp"
        179⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\EACD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EACD.tmp"
        180⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\EB1B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EB1B.tmp"
        181⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\EB69.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EB69.tmp"
        182⤵
        System Location Discovery: System Language Discovery
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\EBB8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EBB8.tmp"
        183⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\EC06.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EC06.tmp"
        184⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\EC54.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EC54.tmp"
        185⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\ECC1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\ECC1.tmp"
        186⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\ED2F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\ED2F.tmp"
        187⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\ED8C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\ED8C.tmp"
        188⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\EDDA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EDDA.tmp"
        189⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\EE29.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EE29.tmp"
        190⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\EE86.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EE86.tmp"
        191⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\EED4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EED4.tmp"
        192⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\EF32.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EF32.tmp"
        193⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\EFA0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EFA0.tmp"
        194⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\EFEE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EFEE.tmp"
        195⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\F03C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F03C.tmp"
        196⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\F09A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F09A.tmp"
        197⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\F0F7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F0F7.tmp"
        198⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\F155.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F155.tmp"
        199⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\F1C2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F1C2.tmp"
        200⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\F220.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F220.tmp"
        201⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\F27E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F27E.tmp"
        202⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\F2DC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F2DC.tmp"
        203⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\F32A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F32A.tmp"
        204⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\F388.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F388.tmp"
        205⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\F3D6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F3D6.tmp"
        206⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\F443.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F443.tmp"
        207⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\F4A1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F4A1.tmp"
        208⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\F50E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F50E.tmp"
        209⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\F56C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F56C.tmp"
        210⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\F5CA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F5CA.tmp"
        211⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\F627.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F627.tmp"
        212⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\F685.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F685.tmp"
        213⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\F6E3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F6E3.tmp"
        214⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\F741.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F741.tmp"
        215⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\F79E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F79E.tmp"
        216⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\F7FC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F7FC.tmp"
        217⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\F85A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F85A.tmp"
        218⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\F8A8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F8A8.tmp"
        219⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\F8F6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F8F6.tmp"
        220⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\F944.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F944.tmp"
        221⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\F9B2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F9B2.tmp"
        222⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\FA0F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FA0F.tmp"
        223⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\FA6D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FA6D.tmp"
        224⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\FACB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FACB.tmp"
        225⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\FB38.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FB38.tmp"
        226⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\FB86.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FB86.tmp"
        227⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\FBF4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FBF4.tmp"
        228⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\FC52.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FC52.tmp"
        229⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\FCA0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FCA0.tmp"
        230⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\FCEE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FCEE.tmp"
        231⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\FD5B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FD5B.tmp"
        232⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\FDA9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FDA9.tmp"
        233⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\FDF7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FDF7.tmp"
        234⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\FE46.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FE46.tmp"
        235⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\FEB3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FEB3.tmp"
        236⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\FF01.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FF01.tmp"
        237⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\FF5F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FF5F.tmp"
        238⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\FFBD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FFBD.tmp"
        239⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\1A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1A.tmp"
        240⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\88.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\88.tmp"
        241⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\E5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E5.tmp"
        242⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\143.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\143.tmp"
        243⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\1A1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1A1.tmp"
        244⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\1EF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1EF.tmp"
        245⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\24D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\24D.tmp"
        246⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\2AB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2AB.tmp"
        247⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\318.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\318.tmp"
        248⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\366.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\366.tmp"
        249⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\3B4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3B4.tmp"
        250⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\412.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\412.tmp"
        251⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\470.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\470.tmp"
        252⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\4BE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4BE.tmp"
        253⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\51C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\51C.tmp"
        254⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\56A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\56A.tmp"
        255⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\5B8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5B8.tmp"
        256⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\606.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\606.tmp"
        257⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\664.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\664.tmp"
        258⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\6C1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6C1.tmp"
        259⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\710.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\710.tmp"
        260⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\76D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\76D.tmp"
        261⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\7DB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7DB.tmp"
        262⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\838.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\838.tmp"
        263⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\896.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\896.tmp"
        264⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\904.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\904.tmp"
        265⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\961.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\961.tmp"
        266⤵
        System Location Discovery: System Language Discovery
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\9CF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9CF.tmp"
        267⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\A2C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A2C.tmp"
        268⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\A7B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A7B.tmp"
        269⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\AD8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AD8.tmp"
        270⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\B26.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B26.tmp"
        271⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\B84.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B84.tmp"
        272⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\BE2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BE2.tmp"
        273⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\C40.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C40.tmp"
        274⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\CAD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CAD.tmp"
        275⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\D0B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D0B.tmp"
        276⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\D59.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D59.tmp"
        277⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\DB7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DB7.tmp"
        278⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\E14.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E14.tmp"
        279⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\E72.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E72.tmp"
        280⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\ED0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\ED0.tmp"
        281⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\F1E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F1E.tmp"
        282⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\F7C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F7C.tmp"
        283⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\FDA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FDA.tmp"
        284⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\1028.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1028.tmp"
        285⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\1085.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1085.tmp"
        286⤵
        System Location Discovery: System Language Discovery
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\10E3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\10E3.tmp"
        287⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\1131.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1131.tmp"
        288⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\118F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\118F.tmp"
        289⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\11DD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\11DD.tmp"
        290⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\122B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\122B.tmp"
        291⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\1289.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1289.tmp"
        292⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\12E7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\12E7.tmp"
        293⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\1354.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1354.tmp"
        294⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\13B2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\13B2.tmp"
        295⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\1410.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1410.tmp"
        296⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\145E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\145E.tmp"
        297⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\14AC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\14AC.tmp"
        298⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\150A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\150A.tmp"
        299⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\1558.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1558.tmp"
        300⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\15B6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\15B6.tmp"
        301⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\1604.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1604.tmp"
        302⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\1671.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1671.tmp"
        303⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\16CF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\16CF.tmp"
        304⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\172D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\172D.tmp"
        305⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\178A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\178A.tmp"
        306⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\17F8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\17F8.tmp"
        307⤵
        System Location Discovery: System Language Discovery
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\1846.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1846.tmp"
        308⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\18A4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\18A4.tmp"
        309⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\18F2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\18F2.tmp"
        310⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\195F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\195F.tmp"
        311⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\19BD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\19BD.tmp"
        312⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\1A1B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1A1B.tmp"
        313⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\1A69.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1A69.tmp"
        314⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\1AC6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1AC6.tmp"
        315⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\1B24.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1B24.tmp"
        316⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\1B72.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1B72.tmp"
        317⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\1BC0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1BC0.tmp"
        318⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\1C1E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1C1E.tmp"
        319⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\1C6C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1C6C.tmp"
        320⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\1CCA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1CCA.tmp"
        321⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\1D18.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1D18.tmp"
        322⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\1D66.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1D66.tmp"
        323⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\1DC4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1DC4.tmp"
        324⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\1E22.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1E22.tmp"
        325⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\1E80.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1E80.tmp"
        326⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\1EDD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1EDD.tmp"
        327⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\1F2B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1F2B.tmp"
        328⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\1F99.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1F99.tmp"
        329⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\2006.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2006.tmp"
        330⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\2074.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2074.tmp"
        331⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\20C2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\20C2.tmp"
        332⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\211F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\211F.tmp"
        333⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\217D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\217D.tmp"
        334⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\21CB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\21CB.tmp"
        335⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\2229.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2229.tmp"
        336⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\2277.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2277.tmp"
        337⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\22E5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\22E5.tmp"
        338⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\2342.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2342.tmp"
        339⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\23A0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\23A0.tmp"
        340⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\23FE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\23FE.tmp"
        341⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\245C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\245C.tmp"
        342⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\24AA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\24AA.tmp"
        343⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\2517.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2517.tmp"
        344⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\2584.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2584.tmp"
        345⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\25D3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\25D3.tmp"
        346⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\2630.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2630.tmp"
        347⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\268E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\268E.tmp"
        348⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\26DC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\26DC.tmp"
        349⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\273A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\273A.tmp"
        350⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\2798.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2798.tmp"
        351⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\27F5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\27F5.tmp"
        352⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\2844.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2844.tmp"
        353⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\2892.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2892.tmp"
        354⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\28E0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\28E0.tmp"
        355⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\293E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\293E.tmp"
        356⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\29AB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\29AB.tmp"
        357⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\2A09.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2A09.tmp"
        358⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\2A66.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2A66.tmp"
        359⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\2AC4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2AC4.tmp"
        360⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\2B12.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2B12.tmp"
        361⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\2B60.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2B60.tmp"
        362⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\2BBE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2BBE.tmp"
        363⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\2C1C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2C1C.tmp"
        364⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\2C7A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2C7A.tmp"
        365⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\2CD7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2CD7.tmp"
        366⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\2D35.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2D35.tmp"
        367⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\2D93.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2D93.tmp"
        368⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\2E00.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2E00.tmp"
        369⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\2E6E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2E6E.tmp"
        370⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\2EBC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2EBC.tmp"
        371⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\2F29.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2F29.tmp"
        372⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\2F87.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2F87.tmp"
        373⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\2FF4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2FF4.tmp"
        374⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\3052.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3052.tmp"
        375⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\30B0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\30B0.tmp"
        376⤵
        System Location Discovery: System Language Discovery
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\310E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\310E.tmp"
        377⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\317B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\317B.tmp"
        378⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\31C9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\31C9.tmp"
        379⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\3227.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3227.tmp"
        380⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\3294.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3294.tmp"
        381⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\32E2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\32E2.tmp"
        382⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\3330.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3330.tmp"
        383⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\339E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\339E.tmp"
        384⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\33FC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\33FC.tmp"
        385⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\3469.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3469.tmp"
        386⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\34C7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\34C7.tmp"
        387⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\3524.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3524.tmp"
        388⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\3582.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3582.tmp"
        389⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\35E0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\35E0.tmp"
        390⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\363E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\363E.tmp"
        391⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\368C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\368C.tmp"
        392⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\36F9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\36F9.tmp"
        393⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\3757.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3757.tmp"
        394⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\37A5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\37A5.tmp"
        395⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\3812.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3812.tmp"
        396⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\3870.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3870.tmp"
        397⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\38CE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\38CE.tmp"
        398⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\392C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\392C.tmp"
        399⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\3989.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3989.tmp"
        400⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\39F7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\39F7.tmp"
        401⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\3A55.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3A55.tmp"
        402⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\3AC2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3AC2.tmp"
        403⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\3B20.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3B20.tmp"
        404⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\3B8D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3B8D.tmp"
        405⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\3BDB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3BDB.tmp"
        406⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\3C39.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3C39.tmp"
        407⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\3C97.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3C97.tmp"
        408⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\3CF4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3CF4.tmp"
        409⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\3D43.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3D43.tmp"
        410⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\3DA0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3DA0.tmp"
        411⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\3DFE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3DFE.tmp"
        412⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\3E5C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3E5C.tmp"
        413⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\3EAA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3EAA.tmp"
        414⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\3F08.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3F08.tmp"
        415⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\3F65.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3F65.tmp"
        416⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\3FB4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3FB4.tmp"
        417⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\4002.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4002.tmp"
        418⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\4050.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4050.tmp"
        419⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\40AE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\40AE.tmp"
        420⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\410B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\410B.tmp"
        421⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\4159.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4159.tmp"
        422⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\41A8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\41A8.tmp"
        423⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\41F6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\41F6.tmp"
        424⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\4244.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4244.tmp"
        425⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\4292.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4292.tmp"
        426⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\42E0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\42E0.tmp"
        427⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\434D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\434D.tmp"
        428⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\43AB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\43AB.tmp"
        429⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\4409.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4409.tmp"
        430⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\4457.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4457.tmp"
        431⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\44B5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\44B5.tmp"
        432⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\4503.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4503.tmp"
        433⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\4561.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4561.tmp"
        434⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\45BE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\45BE.tmp"
        435⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\461C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\461C.tmp"
        436⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\467A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\467A.tmp"
        437⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\46D8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\46D8.tmp"
        438⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\4735.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4735.tmp"
        439⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\4793.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4793.tmp"
        440⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\47E1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\47E1.tmp"
        441⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\482F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\482F.tmp"
        442⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\487E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\487E.tmp"
        443⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\48CC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\48CC.tmp"
        444⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\491A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\491A.tmp"
        445⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\4978.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4978.tmp"
        446⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\49D5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\49D5.tmp"
        447⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\4A33.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4A33.tmp"
        448⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\4A91.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4A91.tmp"
        449⤵
        
        PID:508
        
        C:\Users\Admin\AppData\Local\Temp\4ADF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4ADF.tmp"
        450⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\4B2D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4B2D.tmp"
        451⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\4B8B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4B8B.tmp"
        452⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\4BD9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4BD9.tmp"
        453⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\4C46.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4C46.tmp"
        454⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\4C94.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4C94.tmp"
        455⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\4D02.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4D02.tmp"
        456⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\4D60.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4D60.tmp"
        457⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\4DAE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4DAE.tmp"
        458⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\4DFC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4DFC.tmp"
        459⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\4E4A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4E4A.tmp"
        460⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\4E98.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4E98.tmp"
        461⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\4EF6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4EF6.tmp"
        462⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\4F44.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4F44.tmp"
        463⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\4FA2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4FA2.tmp"
        464⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\4FF0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4FF0.tmp"
        465⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\503E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\503E.tmp"
        466⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\508C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\508C.tmp"
        467⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\50EA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\50EA.tmp"
        468⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\5148.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5148.tmp"
        469⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\5196.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5196.tmp"
        470⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\51F3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\51F3.tmp"
        471⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\5242.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5242.tmp"
        472⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\529F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\529F.tmp"
        473⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\52FD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\52FD.tmp"
        474⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\534B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\534B.tmp"
        475⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\5399.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5399.tmp"
        476⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\53F7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\53F7.tmp"
        477⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\5445.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5445.tmp"
        478⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\5493.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5493.tmp"
        479⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\54E1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\54E1.tmp"
        480⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\553F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\553F.tmp"
        481⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\558D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\558D.tmp"
        482⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\55EB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\55EB.tmp"
        483⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\5649.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5649.tmp"
        484⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\5697.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5697.tmp"
        485⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\56F5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\56F5.tmp"
        486⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\5743.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5743.tmp"
        487⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\57A1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\57A1.tmp"
        488⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\580E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\580E.tmp"
        489⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\587B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\587B.tmp"
        490⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\58C9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\58C9.tmp"
        491⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\5918.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5918.tmp"
        492⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\5966.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5966.tmp"
        493⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\59B4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\59B4.tmp"
        494⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\5A02.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5A02.tmp"
        495⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\5A40.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5A40.tmp"
        496⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\5A8F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5A8F.tmp"
        497⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\5ADD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5ADD.tmp"
        498⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\5B2B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5B2B.tmp"
        499⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\5B98.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5B98.tmp"
        500⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\5C06.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5C06.tmp"
        501⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\5CA2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5CA2.tmp"
        502⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\5D3E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5D3E.tmp"
        503⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\5D9C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5D9C.tmp"
        504⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\5E09.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5E09.tmp"
        505⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\5E77.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5E77.tmp"
        506⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\5ED4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5ED4.tmp"
        507⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\5F42.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5F42.tmp"
        508⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\5F90.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5F90.tmp"
        509⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\5FEE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5FEE.tmp"
        510⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\603C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\603C.tmp"
        511⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\60A9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\60A9.tmp"
        512⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\6107.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6107.tmp"
        513⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\6165.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6165.tmp"
        514⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\61C2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\61C2.tmp"
        515⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\6230.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6230.tmp"
        516⤵
        System Location Discovery: System Language Discovery
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\628D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\628D.tmp"
        517⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\62EB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\62EB.tmp"
        518⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\6349.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6349.tmp"
        519⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\63A7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\63A7.tmp"
        520⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\6404.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6404.tmp"
        521⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\6462.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6462.tmp"
        522⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\64C0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\64C0.tmp"
        523⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\652D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\652D.tmp"
        524⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\657B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\657B.tmp"
        525⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\65D9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\65D9.tmp"
        526⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\6637.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6637.tmp"
        527⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\6695.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6695.tmp"
        528⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\66F2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\66F2.tmp"
        529⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\6750.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6750.tmp"
        530⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\67AE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\67AE.tmp"
        531⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\67FC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\67FC.tmp"
        532⤵
        System Location Discovery: System Language Discovery
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\684A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\684A.tmp"
        533⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\68A8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\68A8.tmp"
        534⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\6915.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6915.tmp"
        535⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\6973.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6973.tmp"
        536⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\69D1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\69D1.tmp"
        537⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\6A3E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6A3E.tmp"
        538⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\6A9C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6A9C.tmp"
        539⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\6AEA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6AEA.tmp"
        540⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\6B57.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6B57.tmp"
        541⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\6BC5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6BC5.tmp"
        542⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\6C32.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6C32.tmp"
        543⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\6CA0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6CA0.tmp"
        544⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\6CEE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6CEE.tmp"
        545⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\6D4B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6D4B.tmp"
        546⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\6DA9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6DA9.tmp"
        547⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\6E07.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6E07.tmp"
        548⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\6E65.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6E65.tmp"
        549⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\6EC2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6EC2.tmp"
        550⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\6F20.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6F20.tmp"
        551⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\6F6E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6F6E.tmp"
        552⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\6FBC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6FBC.tmp"
        553⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\700B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\700B.tmp"
        554⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\7059.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7059.tmp"
        555⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\70A7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\70A7.tmp"
        556⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\70F5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\70F5.tmp"
        557⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\7153.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7153.tmp"
        558⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\71A1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\71A1.tmp"
        559⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\71EF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\71EF.tmp"
        560⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\723D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\723D.tmp"
        561⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\729B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\729B.tmp"
        562⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\72F9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\72F9.tmp"
        563⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\7347.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7347.tmp"
        564⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\73A4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\73A4.tmp"
        565⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\7402.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7402.tmp"
        566⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\7460.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7460.tmp"
        567⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\74BE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\74BE.tmp"
        568⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\750C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\750C.tmp"
        569⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\756A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\756A.tmp"
        570⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\75C7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\75C7.tmp"
        571⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\7625.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7625.tmp"
        572⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\7683.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7683.tmp"
        573⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\76E1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\76E1.tmp"
        574⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\772F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\772F.tmp"
        575⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\778C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\778C.tmp"
        576⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\77EA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\77EA.tmp"
        577⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\7838.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7838.tmp"
        578⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\7886.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7886.tmp"
        579⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\78E4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\78E4.tmp"
        580⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\7942.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7942.tmp"
        581⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\79AF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\79AF.tmp"
        582⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\7A0D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7A0D.tmp"
        583⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\7A6B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7A6B.tmp"
        584⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\7AC9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7AC9.tmp"
        585⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\7B26.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7B26.tmp"
        586⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\7B84.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7B84.tmp"
        587⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\7BE2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7BE2.tmp"
        588⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\7C30.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7C30.tmp"
        589⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\7C8E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7C8E.tmp"
        590⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\7CDC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7CDC.tmp"
        591⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\7D3A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7D3A.tmp"
        592⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\7D97.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7D97.tmp"
        593⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\7E05.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7E05.tmp"
        594⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\7E62.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7E62.tmp"
        595⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\7EB1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7EB1.tmp"
        596⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\7F0E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7F0E.tmp"
        597⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\7F7C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7F7C.tmp"
        598⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\7FE9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7FE9.tmp"
        599⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\8037.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8037.tmp"
        600⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\8095.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8095.tmp"
        601⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\80F3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\80F3.tmp"
        602⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\8141.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8141.tmp"
        603⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\818F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\818F.tmp"
        604⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\81DD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\81DD.tmp"
        605⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\823B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\823B.tmp"
        606⤵
        System Location Discovery: System Language Discovery
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\82B8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\82B8.tmp"
        607⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\8325.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8325.tmp"
        608⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\8383.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8383.tmp"
        609⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\83E1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\83E1.tmp"
        610⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\843E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\843E.tmp"
        611⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\849C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\849C.tmp"
        612⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\84EA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\84EA.tmp"
        613⤵
        System Location Discovery: System Language Discovery
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\8548.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8548.tmp"
        614⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\85A6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\85A6.tmp"
        615⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\8604.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8604.tmp"
        616⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\8661.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8661.tmp"
        617⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\86BF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\86BF.tmp"
        618⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\870D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\870D.tmp"
        619⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\875B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\875B.tmp"
        620⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\87B9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\87B9.tmp"
        621⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\8807.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8807.tmp"
        622⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\8875.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8875.tmp"
        623⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\88E2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\88E2.tmp"
        624⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\894F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\894F.tmp"
        625⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\89AD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\89AD.tmp"
        626⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\8A0B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8A0B.tmp"
        627⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\8A69.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8A69.tmp"
        628⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\8AC6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8AC6.tmp"
        629⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\8B14.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8B14.tmp"
        630⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\8B72.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8B72.tmp"
        631⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\8BC0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8BC0.tmp"
        632⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\8C1E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8C1E.tmp"
        633⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\8C7C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8C7C.tmp"
        634⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\8D08.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8D08.tmp"
        635⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\8D76.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8D76.tmp"
        636⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\8DC4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8DC4.tmp"
        637⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\8E12.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8E12.tmp"
        638⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\8E70.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8E70.tmp"
        639⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\8ECE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8ECE.tmp"
        640⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\8F1C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8F1C.tmp"
        641⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\8F79.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8F79.tmp"
        642⤵
        System Location Discovery: System Language Discovery
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\8FD7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8FD7.tmp"
        643⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\9035.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9035.tmp"
        644⤵
        System Location Discovery: System Language Discovery
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\9093.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9093.tmp"
        645⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\9100.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9100.tmp"
        646⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\916D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\916D.tmp"
        647⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\91CB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\91CB.tmp"
        648⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\9229.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9229.tmp"
        649⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\9277.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9277.tmp"
        650⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\92C5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\92C5.tmp"
        651⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\9313.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9313.tmp"
        652⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\9381.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9381.tmp"
        653⤵
        System Location Discovery: System Language Discovery
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\93DE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\93DE.tmp"
        654⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\944C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\944C.tmp"
        655⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\94AA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\94AA.tmp"
        656⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\9517.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9517.tmp"
        657⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\9575.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9575.tmp"
        658⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\95C3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\95C3.tmp"
        659⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\9621.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9621.tmp"
        660⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\967E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\967E.tmp"
        661⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\96CC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\96CC.tmp"
        662⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\972A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\972A.tmp"
        663⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\9788.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9788.tmp"
        664⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\97E6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\97E6.tmp"
        665⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\9853.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9853.tmp"
        666⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\98A1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\98A1.tmp"
        667⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\990F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\990F.tmp"
        668⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\996C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\996C.tmp"
        669⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\99CA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\99CA.tmp"
        670⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\9A28.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9A28.tmp"
        671⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\9A76.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9A76.tmp"
        672⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\9AC4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9AC4.tmp"
        673⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\9B31.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9B31.tmp"
        674⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\9B80.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9B80.tmp"
        675⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\9BED.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9BED.tmp"
        676⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\9C4B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9C4B.tmp"
        677⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\9CA8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9CA8.tmp"
        678⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\9D16.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9D16.tmp"
        679⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\9D64.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9D64.tmp"
        680⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\9DC2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9DC2.tmp"
        681⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\9E1F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9E1F.tmp"
        682⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\9E7D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9E7D.tmp"
        683⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\9EDB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9EDB.tmp"
        684⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\9F39.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9F39.tmp"
        685⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\9F96.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9F96.tmp"
        686⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\9FF4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9FF4.tmp"
        687⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\A062.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A062.tmp"
        688⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\A0BF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A0BF.tmp"
        689⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\A11D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A11D.tmp"
        690⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\A17B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A17B.tmp"
        691⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\A1D9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A1D9.tmp"
        692⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\A236.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A236.tmp"
        693⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\A294.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A294.tmp"
        694⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\A2F2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A2F2.tmp"
        695⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\A35F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A35F.tmp"
        696⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\A3BD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A3BD.tmp"
        697⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\A40B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A40B.tmp"
        698⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\A459.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A459.tmp"
        699⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\A4A7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A4A7.tmp"
        700⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\A505.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A505.tmp"
        701⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\A563.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A563.tmp"
        702⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\A5D0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A5D0.tmp"
        703⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\A62E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A62E.tmp"
        704⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\A67C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A67C.tmp"
        705⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\A6CA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A6CA.tmp"
        706⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\A718.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A718.tmp"
        707⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\A776.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A776.tmp"
        708⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\A7D4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A7D4.tmp"
        709⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\A822.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A822.tmp"
        710⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\A88F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A88F.tmp"
        711⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\A8ED.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A8ED.tmp"
        712⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\A93B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A93B.tmp"
        713⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\A9C8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A9C8.tmp"
        714⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\AA26.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AA26.tmp"
        715⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\AA83.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AA83.tmp"
        716⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\AAD1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AAD1.tmp"
        717⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\AB2F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AB2F.tmp"
        718⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\AB8D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AB8D.tmp"
        719⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\ABEB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\ABEB.tmp"
        720⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\AC39.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AC39.tmp"
        721⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\AC97.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AC97.tmp"
        722⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\AD04.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AD04.tmp"
        723⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\AD62.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AD62.tmp"
        724⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\ADB0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\ADB0.tmp"
        725⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\AE0E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AE0E.tmp"
        726⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\AE6B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AE6B.tmp"
        727⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\AED9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AED9.tmp"
        728⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\AF36.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AF36.tmp"
        729⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\AF94.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AF94.tmp"
        730⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\AFE2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AFE2.tmp"
        731⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\B040.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B040.tmp"
        732⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\B09E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B09E.tmp"
        733⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\B0FC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B0FC.tmp"
        734⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\B169.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B169.tmp"
        735⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\B1C7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B1C7.tmp"
        736⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\B215.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B215.tmp"
        737⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\B263.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B263.tmp"
        738⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\B2D0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B2D0.tmp"
        739⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\B32E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B32E.tmp"
        740⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\B37C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B37C.tmp"
        741⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\B3DA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B3DA.tmp"
        742⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\B438.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B438.tmp"
        743⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\B495.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B495.tmp"
        744⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\B4F3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B4F3.tmp"
        745⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\B551.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B551.tmp"
        746⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\B59F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B59F.tmp"
        747⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\B5FD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B5FD.tmp"
        748⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\B64B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B64B.tmp"
        749⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\B699.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B699.tmp"
        750⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\B6F7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B6F7.tmp"
        751⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\B745.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B745.tmp"
        752⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\B793.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B793.tmp"
        753⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\B7F1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B7F1.tmp"
        754⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\B83F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B83F.tmp"
        755⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\B89D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B89D.tmp"
        756⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\B8FA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B8FA.tmp"
        757⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\B958.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B958.tmp"
        758⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\B9B6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B9B6.tmp"
        759⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\BA14.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BA14.tmp"
        760⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\BA71.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BA71.tmp"
        761⤵
        System Location Discovery: System Language Discovery
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\BAC0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BAC0.tmp"
        762⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\BB1D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BB1D.tmp"
        763⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\BB6B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BB6B.tmp"
        764⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\BBBA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BBBA.tmp"
        765⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\BC17.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BC17.tmp"
        766⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\BC75.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BC75.tmp"
        767⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\BCD3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BCD3.tmp"
        768⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\BD31.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BD31.tmp"
        769⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\BD8E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BD8E.tmp"
        770⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\BDFC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BDFC.tmp"
        771⤵
        System Location Discovery: System Language Discovery
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\BE59.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BE59.tmp"
        772⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\BEB7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BEB7.tmp"
        773⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\BF25.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BF25.tmp"
        774⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\BF92.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BF92.tmp"
        775⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\BFE0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BFE0.tmp"
        776⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\C04D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C04D.tmp"
        777⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\C09C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C09C.tmp"
        778⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\C0F9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C0F9.tmp"
        779⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\C147.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C147.tmp"
        780⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\C1B5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C1B5.tmp"
        781⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\C222.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C222.tmp"
        782⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\C290.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C290.tmp"
        783⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\C2DE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C2DE.tmp"
        784⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\C32C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C32C.tmp"
        785⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\C38A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C38A.tmp"
        786⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\C3E7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C3E7.tmp"
        787⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\C435.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C435.tmp"
        788⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\C484.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C484.tmp"
        789⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\C4F1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C4F1.tmp"
        790⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\C53F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C53F.tmp"
        791⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\C59D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C59D.tmp"
        792⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\C60A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C60A.tmp"
        793⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\C668.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C668.tmp"
        794⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\C6C6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C6C6.tmp"
        795⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\C723.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C723.tmp"
        796⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\C772.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C772.tmp"
        797⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\C7C0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C7C0.tmp"
        798⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\C81D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C81D.tmp"
        799⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\C87B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C87B.tmp"
        800⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\C8C9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C8C9.tmp"
        801⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\C927.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C927.tmp"
        802⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\C985.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C985.tmp"
        803⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\C9E3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C9E3.tmp"
        804⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\CA40.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CA40.tmp"
        805⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\CA9E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CA9E.tmp"
        806⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\CAFC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CAFC.tmp"
        807⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\CB5A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CB5A.tmp"
        808⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\CBB7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CBB7.tmp"
        809⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\CC05.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CC05.tmp"
        810⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\CC63.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CC63.tmp"
        811⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\CCC1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CCC1.tmp"
        812⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\CD1F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CD1F.tmp"
        813⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\CD7C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CD7C.tmp"
        814⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\CDCB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CDCB.tmp"
        815⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\CE19.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CE19.tmp"
        816⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\CE67.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CE67.tmp"
        817⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\CEC5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CEC5.tmp"
        818⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\CF22.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CF22.tmp"
        819⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\CF80.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CF80.tmp"
        820⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\CFCE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\CFCE.tmp"
        821⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\D02C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D02C.tmp"
        822⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\D07A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D07A.tmp"
        823⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\D0E7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D0E7.tmp"
        824⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\D136.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D136.tmp"
        825⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\D1A3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D1A3.tmp"
        826⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\D201.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D201.tmp"
        827⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\D26E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D26E.tmp"
        828⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\D2BC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D2BC.tmp"
        829⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\D31A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D31A.tmp"
        830⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\D378.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D378.tmp"
        831⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\D3D5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D3D5.tmp"
        832⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\D433.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D433.tmp"
        833⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\D491.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D491.tmp"
        834⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\D4EF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D4EF.tmp"
        835⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\D54C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D54C.tmp"
        836⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\D5AA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D5AA.tmp"
        837⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\D608.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D608.tmp"
        838⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\D666.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D666.tmp"
        839⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\D6C3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D6C3.tmp"
        840⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\D731.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D731.tmp"
        841⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\D78F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D78F.tmp"
        842⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\D7EC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D7EC.tmp"
        843⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\D84A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D84A.tmp"
        844⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\D898.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D898.tmp"
        845⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\D906.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D906.tmp"
        846⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\D973.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D973.tmp"
        847⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\D9D1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D9D1.tmp"
        848⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\DA2E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DA2E.tmp"
        849⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\DA8C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DA8C.tmp"
        850⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\DAFA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DAFA.tmp"
        851⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\DB57.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DB57.tmp"
        852⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\DBC5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DBC5.tmp"
        853⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\DC22.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DC22.tmp"
        854⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\DC90.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DC90.tmp"
        855⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\DCDE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DCDE.tmp"
        856⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\DD2C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DD2C.tmp"
        857⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\DD7A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DD7A.tmp"
        858⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\DDD8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DDD8.tmp"
        859⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\DE26.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DE26.tmp"
        860⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\DE84.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DE84.tmp"
        861⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\DEF1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DEF1.tmp"
        862⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\DF3F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DF3F.tmp"
        863⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\DF9D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DF9D.tmp"
        864⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\DFFB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DFFB.tmp"
        865⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\E059.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E059.tmp"
        866⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\E0B6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E0B6.tmp"
        867⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\E114.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E114.tmp"
        868⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\E162.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E162.tmp"
        869⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\E1B0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E1B0.tmp"
        870⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\E21E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E21E.tmp"
        871⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\E26C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E26C.tmp"
        872⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\E2CA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E2CA.tmp"
        873⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\E327.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E327.tmp"
        874⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\E385.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E385.tmp"
        875⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\E3D3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E3D3.tmp"
        876⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\E431.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E431.tmp"
        877⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\E48F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E48F.tmp"
        878⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\E4EC.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E4EC.tmp"
        879⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\E54A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E54A.tmp"
        880⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\E5B8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E5B8.tmp"
        881⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\E615.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E615.tmp"
        882⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\E673.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E673.tmp"
        883⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\E6E0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E6E0.tmp"
        884⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\E72F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E72F.tmp"
        885⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\E78C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E78C.tmp"
        886⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\E7EA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E7EA.tmp"
        887⤵
        System Location Discovery: System Language Discovery
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\E848.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E848.tmp"
        888⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\E8A6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E8A6.tmp"
        889⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\E8F4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E8F4.tmp"
        890⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\E961.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E961.tmp"
        891⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\E9BF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E9BF.tmp"
        892⤵
        System Location Discovery: System Language Discovery
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\EA1D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EA1D.tmp"
        893⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\EA6B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EA6B.tmp"
        894⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\EAB9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EAB9.tmp"
        895⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\EB17.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EB17.tmp"
        896⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\EB74.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EB74.tmp"
        897⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\EBD2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EBD2.tmp"
        898⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\EC30.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EC30.tmp"
        899⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\EC8E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EC8E.tmp"
        900⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\ECEB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\ECEB.tmp"
        901⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\ED68.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\ED68.tmp"
        902⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\EDC6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EDC6.tmp"
        903⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\EE14.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EE14.tmp"
        904⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\EE62.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EE62.tmp"
        905⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\EEC0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EEC0.tmp"
        906⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\EF1E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EF1E.tmp"
        907⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\EF7C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EF7C.tmp"
        908⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\EFCA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EFCA.tmp"
        909⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\F027.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F027.tmp"
        910⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\F085.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F085.tmp"
        911⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\F0E3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F0E3.tmp"
        912⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\F131.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F131.tmp"
        913⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\F17F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F17F.tmp"
        914⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\F1DD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F1DD.tmp"
        915⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\F23B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F23B.tmp"
        916⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\F298.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F298.tmp"
        917⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\F2E7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F2E7.tmp"
        918⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\F344.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F344.tmp"
        919⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\F3A2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F3A2.tmp"
        920⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\F400.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F400.tmp"
        921⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\F45E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F45E.tmp"
        922⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\F4BB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F4BB.tmp"
        923⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\F519.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F519.tmp"
        924⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\F567.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F567.tmp"
        925⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\F5B5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F5B5.tmp"
        926⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\F613.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F613.tmp"
        927⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\F671.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F671.tmp"
        928⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\F6BF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F6BF.tmp"
        929⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\F70D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F70D.tmp"
        930⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\F76B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F76B.tmp"
        931⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\F7B9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F7B9.tmp"
        932⤵
        System Location Discovery: System Language Discovery
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\F826.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F826.tmp"
        933⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\F884.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F884.tmp"
        934⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\F8E2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F8E2.tmp"
        935⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\F930.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F930.tmp"
        936⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\F98E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F98E.tmp"
        937⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\F9EB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F9EB.tmp"
        938⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\FA49.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FA49.tmp"
        939⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\FA97.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FA97.tmp"
        940⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\FAF5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FAF5.tmp"
        941⤵
        System Location Discovery: System Language Discovery
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\FB53.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FB53.tmp"
        942⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\FBA1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FBA1.tmp"
        943⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\FC0E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FC0E.tmp"
        944⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\FC6C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FC6C.tmp"
        945⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\FCBA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FCBA.tmp"
        946⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\FD18.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FD18.tmp"
        947⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\FD66.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FD66.tmp"
        948⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\FDC4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FDC4.tmp"
        949⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\FE22.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FE22.tmp"
        950⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\FE7F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FE7F.tmp"
        951⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\FECD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FECD.tmp"
        952⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\FF2B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FF2B.tmp"
        953⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\FF89.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FF89.tmp"
        954⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\FFD7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FFD7.tmp"
        955⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\35.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\35.tmp"
        956⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\83.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\83.tmp"
        957⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\E1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E1.tmp"
        958⤵
        System Location Discovery: System Language Discovery
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\13E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\13E.tmp"
        959⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\19C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\19C.tmp"
        960⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\238.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\238.tmp"
        961⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\296.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\296.tmp"
        962⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\2F4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\2F4.tmp"
        963⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\342.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\342.tmp"
        964⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\3AF.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3AF.tmp"
        965⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\3FE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\3FE.tmp"
        966⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\45B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\45B.tmp"
        967⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\4A9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4A9.tmp"
        968⤵
        System Location Discovery: System Language Discovery
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\4F8.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\4F8.tmp"
        969⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\555.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\555.tmp"
        970⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\5A3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\5A3.tmp"
        971⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\601.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\601.tmp"
        972⤵
        System Location Discovery: System Language Discovery
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\65F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\65F.tmp"
        973⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\6AD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\6AD.tmp"
        974⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\70B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\70B.tmp"
        975⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\769.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\769.tmp"
        976⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\7B7.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\7B7.tmp"
        977⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\814.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\814.tmp"
        978⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\882.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\882.tmp"
        979⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\8E0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\8E0.tmp"
        980⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\93D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\93D.tmp"
        981⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\98B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\98B.tmp"
        982⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\9DA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\9DA.tmp"
        983⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\A37.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A37.tmp"
        984⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\A85.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\A85.tmp"
        985⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\AD4.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\AD4.tmp"
        986⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\B31.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B31.tmp"
        987⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\B8F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\B8F.tmp"
        988⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\BED.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\BED.tmp"
        989⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\C4B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C4B.tmp"
        990⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\C99.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\C99.tmp"
        991⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\D06.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D06.tmp"
        992⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\D64.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\D64.tmp"
        993⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\DB2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\DB2.tmp"
        994⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\E10.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E10.tmp"
        995⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\E6D.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\E6D.tmp"
        996⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\EDB.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\EDB.tmp"
        997⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\F29.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F29.tmp"
        998⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\F87.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\F87.tmp"
        999⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\FD5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\FD5.tmp"
        1000⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\1023.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1023.tmp"
        1001⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\1081.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1081.tmp"
        1002⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\10EE.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\10EE.tmp"
        1003⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\114C.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\114C.tmp"
        1004⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\11AA.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\11AA.tmp"
        1005⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\1207.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1207.tmp"
        1006⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\1265.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1265.tmp"
        1007⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\12C3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\12C3.tmp"
        1008⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\1311.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1311.tmp"
        1009⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\136F.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\136F.tmp"
        1010⤵
        
        PID:508
        
        C:\Users\Admin\AppData\Local\Temp\13BD.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\13BD.tmp"
        1011⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\142A.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\142A.tmp"
        1012⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\1478.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1478.tmp"
        1013⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\14C6.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\14C6.tmp"
        1014⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\1524.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1524.tmp"
        1015⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\1572.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1572.tmp"
        1016⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\15C0.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\15C0.tmp"
        1017⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\162E.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\162E.tmp"
        1018⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\169B.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\169B.tmp"
        1019⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\16E9.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\16E9.tmp"
        1020⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\1747.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1747.tmp"
        1021⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\1795.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1795.tmp"
        1022⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\17E3.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\17E3.tmp"
        1023⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\1831.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\1831.tmp"
        1024⤵
        
        PID:4872

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b2d021fd3e8942ca8084328d590d748c&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b2d021fd3e8942ca8084328d590d748c&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1FB8DC4C64396C0813B4C95465A66DFE; domain=.bing.com; expires=Sat, 08-Nov-2025 14:42:57 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2EBBA2CC28FA4313A46DC6F67144CE0D Ref B: LON601060103025 Ref C: 2024-10-14T14:42:57Z
date: Mon, 14 Oct 2024 14:42:57 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b2d021fd3e8942ca8084328d590d748c&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b2d021fd3e8942ca8084328d590d748c&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1FB8DC4C64396C0813B4C95465A66DFE

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=YSuyAqzeEyBiWL_kDbMVCep3M-y3p3MQP5Rc6pmbv2k; domain=.bing.com; expires=Sat, 08-Nov-2025 14:42:57 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FAB5AC1BB82649EC80F61AD3D675B811 Ref B: LON601060103025 Ref C: 2024-10-14T14:42:57Z
date: Mon, 14 Oct 2024 14:42:57 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b2d021fd3e8942ca8084328d590d748c&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b2d021fd3e8942ca8084328d590d748c&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1FB8DC4C64396C0813B4C95465A66DFE; MSPTC=YSuyAqzeEyBiWL_kDbMVCep3M-y3p3MQP5Rc6pmbv2k

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9FC6F99956AF45EA8D113B35DD15B50B Ref B: LON601060103025 Ref C: 2024-10-14T14:42:58Z
date: Mon, 14 Oct 2024 14:42:57 GMT
DNS

20.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.160.190.20.in-addr.arpa

IN PTR

Response
DNS

101.209.201.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.209.201.84.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

107.209.201.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

107.209.201.84.in-addr.arpa

IN PTR

Response
DNS

83.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.210.23.2.in-addr.arpa

IN PTR

Response

83.210.23.2.in-addr.arpa

IN PTR

a2-23-210-83deploystaticakamaitechnologiescom
DNS

23.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.236.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301320_16XXVBVNIIATTNZGS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301320_16XXVBVNIIATTNZGS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 195935
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0450751BA72F49BDB3A747089CAD2663 Ref B: LON601060101040 Ref C: 2024-10-14T14:44:36Z
date: Mon, 14 Oct 2024 14:44:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 632525
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E619E35FA6E045BFBEB10D6F10B42CF1 Ref B: LON601060101040 Ref C: 2024-10-14T14:44:36Z
date: Mon, 14 Oct 2024 14:44:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 383554
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A5B5F22FBC3C42CDBBD95C4042C901A0 Ref B: LON601060101040 Ref C: 2024-10-14T14:44:36Z
date: Mon, 14 Oct 2024 14:44:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301729_1IQTWSVKP22KW7ULM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301729_1IQTWSVKP22KW7ULM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 390340
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5BACCFE8E0424E05B55573EF401C1CD9 Ref B: LON601060101040 Ref C: 2024-10-14T14:44:36Z
date: Mon, 14 Oct 2024 14:44:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 193575
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5681E6CF58C54CCAB6AA1E08BFA99F8D Ref B: LON601060101040 Ref C: 2024-10-14T14:44:36Z
date: Mon, 14 Oct 2024 14:44:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 633835
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7487933059FD43B581EB7AC6A0864FD5 Ref B: LON601060101040 Ref C: 2024-10-14T14:44:36Z
date: Mon, 14 Oct 2024 14:44:36 GMT

150.171.27.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b2d021fd3e8942ca8084328d590d748c&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=

tls, http2

2.0kB
9.4kB
22
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b2d021fd3e8942ca8084328d590d748c&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b2d021fd3e8942ca8084328d590d748c&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b2d021fd3e8942ca8084328d590d748c&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=

HTTP Response

204
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
12
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

88.7kB
2.5MB
1835
1831

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301320_16XXVBVNIIATTNZGS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301729_1IQTWSVKP22KW7ULM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13

8.8.8.8:53

g.bing.com

dns

56 B
148 B
1
1

DNS Request

g.bing.com

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

20.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

20.160.190.20.in-addr.arpa
8.8.8.8:53

101.209.201.84.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

101.209.201.84.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

107.209.201.84.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

107.209.201.84.in-addr.arpa
8.8.8.8:53

83.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

83.210.23.2.in-addr.arpa
8.8.8.8:53

23.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.236.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\A6A0.tmp

Filesize
520KB

MD5
4e7743fe9e1fb1b4e1bd874763003f3a

SHA1
57e595a13ae83db30f5ee245efbb089f001e3c0c

SHA256
e7dad70a9d143986fb23f8c111ec380dff30a60386147160da70a1468a87fc7f

SHA512
ae806d4a5db538c8203ab1a61da20877f377f2d8f7531815160ab2e4e2a7f92c1fa01ef79cc32d514e0f7e4c25e70034a2a0514c9e5d0a2f065e264d3eea9244

Download Submit
C:\Users\Admin\AppData\Local\Temp\A72D.tmp

Filesize
520KB

MD5
076fff8cc48aa093f5f679aedb40b30a

SHA1
cb743a597d053cfc9b889c6347eca5d671562048

SHA256
40a3f6047371df48d8d32c8f0c86e253b2aa3996d1addf65db1e73878addcd70

SHA512
d69d56d5ecad52e5f222bfdf1bb61c8cb6e2dd04b9df16cd2e10ea5e76c4f4de214a534cd4b6513e64ae111eb346f0752e9fb967a927ef3dd731ccbe0ed84983

Download Submit
C:\Users\Admin\AppData\Local\Temp\A79A.tmp

Filesize
520KB

MD5
cf1ccc52480d47a8ba14336c4f2409cf

SHA1
ae4f8468e4eb6e297da47d1113e18c5fd0ad87a5

SHA256
cd5896bbd9b0f224b78854e03adc522dd15153cdd3872738b3ebde737c303a5c

SHA512
4b7e2882632a4b74db023f40a730ab7c079286882bea62e30f7fb7a18906e0a21da365790a70b15fce7d502e29be877bb4cb98ddb7d781052f31cf0264b376e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\A817.tmp

Filesize
520KB

MD5
e8ce8a2c7143bffef1402be557b0a93f

SHA1
f56c245a9929ec99fe77cee4b4b2f176cf6f4f71

SHA256
0a7f6125c26b44d4fa8cbafd26a942d5816799d1c27094e6ca7895cd6b48d8bc

SHA512
9f4ff56f6d39ed67e7bd0e7e3db181e268ee7be1f1599a92fc3b4e346f8b0537e675f784e3883b8c00bbf924d8412a005bb127c5d467aa7632eeaa35facc0606

Download Submit
C:\Users\Admin\AppData\Local\Temp\A8B3.tmp

Filesize
520KB

MD5
00098c61551eb2d44c2201339da2dbb0

SHA1
6ee3b5ab258fa59adfb49a379825f541937e13e3

SHA256
395c67c1916bf472eb7705bcebd9703621b4583172ab112a002c9b5e8107081e

SHA512
5cc89ba57e889e3e09dc8f0668a87c2d3e059234da1dc8e2ba49c6e43db1919bfec349edfaa934f66ee8756d33cc982f2cbad7be844348c2b9eb06a6598cf94d

Download Submit
C:\Users\Admin\AppData\Local\Temp\A950.tmp

Filesize
520KB

MD5
9b59a0264ed46c5038d145bb3e93d5dc

SHA1
0eae94e863bcd7c1d6ded869345c42b88cf84b51

SHA256
29bce72140faeb5488c9cb088c350998af4143406665b96e22231e4371b18dad

SHA512
36c543153b9faf340a2d8e288aec5332ad99b57d990a47e30f52fec782dcd376df6d2e852acb052fcf3341a08115c62c7bbe64b46bee52e819d0fd0d36c83623

Download Submit
C:\Users\Admin\AppData\Local\Temp\A9BD.tmp

Filesize
520KB

MD5
73d08774b0cda04d39a40a6c4007bb5a

SHA1
041d5d50926d724b5a04e33eecc4342d3b72ccd1

SHA256
edb6fbe9a73a28ef82ce020a95e9ac3d5f512d7ced560aa9e6f4ad722fb005ce

SHA512
3d8cf2264345004eac138cc9d5ab14bcd51fc3a37ea545893c7f57f1fe213a295d30e8cae32765d38c89544da3e3a1a77274994f123d9036f869d7054c87d2c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\AA2A.tmp

Filesize
520KB

MD5
6092370a398393f6dfa83ef21d56438f

SHA1
83b26ee5ea6189e6e4ab0d98b0c7b9aff3b8918f

SHA256
df9b37c14093f2a09a7a391fa50aca2543d64ff546a0a36ba753785e69aee6ec

SHA512
486cad2832cedc593bbda301408cfd307dddd06dc19ade3e086f7ddc8347fb209750b7f4203451466e8eb196360980863aae55cb1817af6956030e76cb1efe72

Download Submit
C:\Users\Admin\AppData\Local\Temp\AAB7.tmp

Filesize
520KB

MD5
10426bf9b28036595061c7cdc366ced7

SHA1
1c79860db53b9b64dcbb62b415772997bbb7d0b8

SHA256
6f87872a95eae20c91994f8fe5e139fad70490529614b94b2377df10a0a1485e

SHA512
249f845e88dcd0ad5d0c6b9fd13eaab505b922777e5d41cd3e0f832b5ac6717c17359ad98b10e25450c8a5b322814b1a86729611bfb9b5bc350b61442b234e71

Download Submit
C:\Users\Admin\AppData\Local\Temp\AB53.tmp

Filesize
520KB

MD5
4f71400e08a8f1202b7e9fcd9a943bb4

SHA1
ab9ffd403f7f078a718948cae715c687c5c07e94

SHA256
6def091a20cbbe9847180f8d9dd79305bf933bec8cd28aaea05a5405667f6620

SHA512
8fe65f2970b55f5a9a492082e1ec38777a0e0af1801d407eebdcb631bc8cc783f231b2ebad5a6eb2812492b223bfffd2de5253bc6e8c090773716bc08e10fb3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ABC1.tmp

Filesize
520KB

MD5
91176469599c0e178ba2ab1520d68b8f

SHA1
bef5cf09b4566d998b746bcf65298efe745130ee

SHA256
5ad8912c112ab88bf06b43577e0540ea974d26fb4bea622ae014ba338e5300d4

SHA512
df4b945cadf7d7d8668c412204c636706f4e59c901d53b01c6a217485d1f35a49228242d2720d7ee28af4935a41642e95c701176cd104c5be297d9570187398f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AC2E.tmp

Filesize
520KB

MD5
bfd0079be2e2f9e566444885edfc4435

SHA1
c34db315fe2eee4d84ac3555a717584752e1ccab

SHA256
54b81542ec9403e2f31b0ec7c81824b10b595b072bfb6eab3d033957c4f1206b

SHA512
6f625f6e9363e4d6294926ac2a78a5e72f1f429e2ec14d0068c5d66de16dd1f2e537c511454dc801fe50fd40a25e0b2d3cf080072a79abb6e8a4d12dc46d3759

Download Submit
C:\Users\Admin\AppData\Local\Temp\AC9B.tmp

Filesize
520KB

MD5
448dc74955049d071113d98220bfe334

SHA1
ca6b808dac1170489f70832e8fca63998829bc8a

SHA256
212fea44716e84b11eb36f1892f719e0eec6a03f246a066c91ce857f8c025bc2

SHA512
f4901b3ab41a1307c56604c1193ddc2ee88d67ba6aa9f6bf3ef6459549033d59e816c9f977745739f4425ec6274d6c0ca7bdcf3a8e3356a9b479374504f189a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\AD38.tmp

Filesize
520KB

MD5
651e5f083f062a2291c407a471778b54

SHA1
e3dd32fd4fb54110ee0a9e96dcc7dbc81fcbdfae

SHA256
622b13339f71c33253954eba94a6adc51cfeed1fc9c2fd69e7340dcbb189f722

SHA512
69980135e934e3a63e75a9053c214445bbf61ef927fa0d240144af8eed712a15295e6d20da4bde9170a886d63b07440c039392cba3580892440437b1f487c921

Download Submit
C:\Users\Admin\AppData\Local\Temp\ADB5.tmp

Filesize
520KB

MD5
515366521c3bfdde84e1719eef0f717c

SHA1
8c91ed6994a8ba1df0c97014907ff68014a1eac5

SHA256
b061ba90e70365581443ae82524912b1c4434e923b5d2a8d19d0c017227f0433

SHA512
bdce9140bc77d07a8359b9f4ee5afcc5b435dc4f7d12bd7aaa87603ba67a119e40ba03e6776bfdf91c5f3b7ad6354ff44a8ede2de9fe4b74c2e16c3a25d7ebed

Download Submit
C:\Users\Admin\AppData\Local\Temp\AE22.tmp

Filesize
520KB

MD5
b19c97d8235278ba626a03b5d2bdb672

SHA1
20e948830429a6afbd0739cb0e0b35e750a1830d

SHA256
7acd5da9fa9f4e58a2a93d61b960ae7a2e5364bb2055647b8986fff3774a9b31

SHA512
6d33d7f105c82177f959564dc221b30f590cc17bf6018c4f673caff3cbd401a3706e315b68b6dbaea4098c6430f5655fe4a9403a352e077c2ff93f40e9243a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\AEAF.tmp

Filesize
520KB

MD5
a70fc2a7a76505d0c4a1f30627557daf

SHA1
6f1dfd44ad68042b94a90a73008398cce2a08f23

SHA256
cf79b2194e57ae1243a0d02cadf1d2e3e97fe0719795454e9309435aa346c330

SHA512
3a4f95ce2926b1181f336a833acc18e4e9637b5bb8f11a8f85ac03c3901878a303e9da673d8a19859395ed57aa661dacd7d4570625ed7773959f72eae87cdc7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\AF1C.tmp

Filesize
520KB

MD5
557e8e88655aef18fe69577da89a6425

SHA1
3a0df52ba6c36c6fd83f7421de5a009ade6e5232

SHA256
4ec62b8c85508f42d666e8b0d1074ef6df8648dc715016b6767969f92c0eeeb0

SHA512
d3e6195b8231c7e6169437aeee81f09b4c0b2302ef843e23a5d63339c9af9e66b4290fbbf3a0ac2888f07a636296c40832e15be8a0dda9e0e16296e65eb0f5f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\AF89.tmp

Filesize
520KB

MD5
c41c6aa076eb3d462acaa324061af7eb

SHA1
ca8aa22cfcb1f0bde0d6741707943d183e00295f

SHA256
fab1987f66155f89bfa2a740ad9ea59cb44c091eb2a2b32c6fe4d639071c54c5

SHA512
716d34e75b4c5a902977f336224e5aaee163ca067aebef1e316912f15de18e115dc3320c8ccce23f6c18658537539cd14f7706e34be9aaecfb72af8f49f78e43

Download Submit
C:\Users\Admin\AppData\Local\Temp\AFD7.tmp

Filesize
520KB

MD5
32bc930543ba2b6f286b11358afde06d

SHA1
dd084bc5ec49eb6c8e98e9614fea2c5679f59289

SHA256
210c29106ef5efa692dfe621cd88d313510ecdbc7470514f9ed7a58f4877ee84

SHA512
4a2abb8819cb1563aaca69c6673caeee056ce4ad60591085284e287b15bfbe2a58356178413d3149f314936ac3871c60cbaee73af7d110557b2a16a8d774132c

Download Submit
C:\Users\Admin\AppData\Local\Temp\B045.tmp

Filesize
520KB

MD5
71913dfed80470f110e31619e16300e9

SHA1
9baa9ac8db2eeffecfdcfc56a34e15d7e3b455b6

SHA256
9f3fd63a1d65622598cc198c95e2053f36151e42f64afc1f14a01458e1330d07

SHA512
8452f9de1a7016313f267f0c4bc776201a9fdb2dee283c1893ca3ab3367bd91b01a94278ef6a2b9acf6e27406b46e6d8a6c2ed5a3ff36290704ecffa91e23198

Download Submit
C:\Users\Admin\AppData\Local\Temp\B0B2.tmp

Filesize
520KB

MD5
d7045b1dc9148f31ffcf4b51bf9f37a2

SHA1
c890b1b740a563873ce8788aea744057026d2e5e

SHA256
0dc0ea99daf5a78e2d690c2d3920162e84a4a773c8f976655eda96a80d7fe749

SHA512
8beaa1b323ec938d00e2551ca4898152b5c74ea19c86d038ca006683628d392dbac5b94dcc9122c5e7a4781d59f8a550b11f8ef886c7fcfbe64496b91025adf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\B12F.tmp

Filesize
520KB

MD5
0a8b2cf30a392ded8f6a2c12dd23666d

SHA1
b3b6bfcd448749f1535fdd5725c274913759c020

SHA256
dcc2d4c75e55f85a2799ccc9745d9c96d86893557c1020fea1c474d0b7bac4e8

SHA512
8edfcc9fc2bb8c3b1131dce856684b3c9751fe86122ab3b9f490b54595ddd94dd4461dd123a2eaa06cf27f38e451f210a47aacaa7049c9ac1a27f48509e28f14

Download Submit
C:\Users\Admin\AppData\Local\Temp\B1DB.tmp

Filesize
520KB

MD5
a7bef74d71d58e3cb59428474af05280

SHA1
0b0344ec735946dba6c875de039dab5f34313f12

SHA256
b7725812df1e3607ac391c5021c74880814e19464b665211729f242cb2b9edfe

SHA512
e8bc142d54ec9e2066f02da30b509d235c08f265c0dab757fc87e8fa2e6c649c956b9e490ec6516fc24f571d3b30a688cf05f7e35430c7615a1a454966542f54

Download Submit
C:\Users\Admin\AppData\Local\Temp\B277.tmp

Filesize
520KB

MD5
16dc9a07c7a0fba396eda84609fd681f

SHA1
566826625de24f96edf64fd9a3baff805c78128b

SHA256
36c9d0becf072f3fa090cf0c4f531835e309deaacbdb8e591dfd50162f7a49f9

SHA512
3baf3d5877e08316fa3818827bd313088f1f0d5d2bcbcec7f5ad302cc5a879ab71d066261d0020cb9218c8e6ee7c9ce0c46dfd7624b9672b8ac462c6f8003f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\B304.tmp

Filesize
520KB

MD5
c94ede89ebad08bdfe481bd0ffeaa9a5

SHA1
1434fdc9304a50440ecfa9b83922095ecef4356c

SHA256
a7ba9b802484764ff72f8c10b834080997dd0fa8094897acef51f02f168e4a7d

SHA512
b316886198e3d57216b98cf0ed95c40de58428198b62cd555730431cfb1b9f457f5bc62ff808fa38f3322a643e31d0219f5c04107963ab9221a318f22e45510c

Download Submit
C:\Users\Admin\AppData\Local\Temp\B371.tmp

Filesize
520KB

MD5
85cfb75fe2815ecae64be82dbc7debdd

SHA1
c7cbb817ed3567185039c1983d1c0c96c55118a5

SHA256
cbdaac95cf9c87468e21b8ad3b63a7d6b6638da9ffce7128f762a13cd0599b21

SHA512
583b923a752325052fd53611f71c2baf7bf160e097cbfc9ba211190f9ba1c3f5a2fd8744b6559b65f03e2067dcefba2c80ac0d460eb317f9e25742144bfe031b

Download Submit
C:\Users\Admin\AppData\Local\Temp\B3FE.tmp

Filesize
520KB

MD5
d10b3e96f007bf7f356d5f9e86eacba1

SHA1
11b2ebe6c22b01fc8f911b1c86bd162d34a0765b

SHA256
39e87718e825deeead238bb9cccc241139e6e5962c5c0d87639aed6f60a0049b

SHA512
f9c1454764aacbceac07cb60899f8d3a18385617e37bfb82e9114a697b7bf8baf6254350a203ffd00fa895d500117c04842f9f3a743e14f110e16826d1be2f4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\B48B.tmp

Filesize
520KB

MD5
f6b069c9844d8b147aa80dff94413841

SHA1
a8eee91f86db2a1a10484065a62e466e55b14eaf

SHA256
f36868942e460b6277b977fcebc8546fe0a2c0398390dfeec76dfae3e3982606

SHA512
c8cfb82fca96c0ca313c325b1adbaa9071026bff6cb250570e045197b83ee3f4fe7c7dc6213787a0b7556c244f3986c55e397348fb9688fc4cc10d983d01b81d

Download Submit
C:\Users\Admin\AppData\Local\Temp\B517.tmp

Filesize
520KB

MD5
cb56b15109df635bd351a6d9375aa60f

SHA1
0fc3eb6172caf8fa1851062996e80ce7996ad65c

SHA256
a3fa8e9076fd09547269ee1d40dc219fef8ae69a74f582ee3daa9e02c9bcc4e7

SHA512
ef3907f03389acacc31a70597dcb6fb19418a97288e8c5a97c135db0b2e671009e3c8dd4b82e51fc701ff60c9b4510f40e5992df2209c00c7f29e8f791701820

Download Submit
C:\Users\Admin\AppData\Local\Temp\B575.tmp

Filesize
520KB

MD5
ec54b356bf5dc3911378e5b4617845ec

SHA1
808ff0d09acfaf1b0d7c7590b09e265099068a7e

SHA256
6ae0d6bb021144c201c27e33564ff17f7a5eaa47b504d28ae081f97f4ea14326

SHA512
16bfa16358ceb64bfa1488b61cc3d00b08a17f8723802a8f2b09ee8c32ce958114b05dec322215f42e1e48f7a483add76d8e5abd8ab06562b0fabf7fb6f0bcbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\B602.tmp

Filesize
520KB

MD5
a03bbf994de857d934714138540625ee

SHA1
d06d3e6ecbf58a8bacb833bbb6a13f350d8e693f

SHA256
dca17343296c26d458fe7d3c0759b43d3ae4839bd1815ea2d2a69aed17821697

SHA512
a47ea7d9b401e89836c1454ce3282607a073181b643acc9a96ea00986194c2e77a1bddced9f1ca862238c1d1ab5f00f413246c3a01544ea7edb521251ef3df9d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.