quasar | 3b799ee29671b1b68432091b967388e438861c4046fca8f7091c76ea921bd57b

Analysis

max time kernel
18s
max time network
153s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
04-02-2025 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlitzedGrabberv12.exe
Size

2.6MB
MD5

077d284a18b1b27ce1b060f2fb181f51
SHA1

ed1ab2f545948d464cb01cb91c70fbb15a7b5dc5
SHA256

3b799ee29671b1b68432091b967388e438861c4046fca8f7091c76ea921bd57b
SHA512

3dc6e525e0cdb738084d1150230ae0389cd9f82c27e416ea2a334831013c124964f5cfbcf96911b15eb965e2dd8f7b5dbaec62966a7d3316c921359f2173cda2
SSDEEP

49152:S3mAznU4n9t2ELj18p4BDifoM83ig9Apl14yGMde+4c5coSskn:SQ49wi73fWc+dL4c5cZn

Score

10^/10

quasar blitzed discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Blitzed

37.19.210.35:57736

Mutex

Blitzed_MUTEX_MV3expVHRYMXXFRcx7

Attributes

encryption_key
hNyQQlS3eTiBt1nViS6y
install_name
Microsoft Host Sercurity.exe
log_directory
Keys
reconnect_delay
3000
startup_key
Windows Security Notification
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000c000000027cfc-12.dat	family_quasar
behavioral1/memory/2808-16-0x0000000000A20000-0x0000000000ABC000-memory.dmp	family_quasar

Checks computer location settings 2 TTPs 37 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BlitzedGrabberv12.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000\Control Panel\International\Geo\Nation	BLITZEDGRABBERV12.EXE

Executes dropped EXE 42 IoCs

pid	Process
2808	MICROSFT MSI.EXE
4812	MICROSFT MSI.EXE
1624	MICROSFT MSI.EXE
1472	MICROSFT MSI.EXE
648	MICROSFT MSI.EXE
3652	MICROSFT MSI.EXE
1000	MICROSFT MSI.EXE
472	MICROSFT MSI.EXE
5068	MICROSFT MSI.EXE
1728	MICROSFT MSI.EXE
2480	MICROSFT MSI.EXE
1692	MICROSFT MSI.EXE
4500	MICROSFT MSI.EXE
4880	MICROSFT MSI.EXE
5088	Microsoft Host Sercurity.exe
1736	MICROSFT MSI.EXE
3084	MICROSFT MSI.EXE
4936	MICROSFT MSI.EXE
1352	MICROSFT MSI.EXE
376	MICROSFT MSI.EXE
4792	MICROSFT MSI.EXE
1884	Microsoft Host Sercurity.exe
1460	MICROSFT MSI.EXE
552	MICROSFT MSI.EXE
1092	MICROSFT MSI.EXE
2388	MICROSFT MSI.EXE
1100	MICROSFT MSI.EXE
3628	Microsoft Host Sercurity.exe
3376	MICROSFT MSI.EXE
1292	MICROSFT MSI.EXE
3044	MICROSFT MSI.EXE
760	MICROSFT MSI.EXE
3436	MICROSFT MSI.EXE
736	MICROSFT MSI.EXE
4500	Microsoft Host Sercurity.exe
2992	MICROSFT MSI.EXE
2136	MICROSFT MSI.EXE
1740	MICROSFT MSI.EXE
1920	MICROSFT MSI.EXE
3968	MICROSFT MSI.EXE
1684	Microsoft Host Sercurity.exe
3496	MICROSFT MSI.EXE

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ip-api.com
48	api.ipify.org
61	ip-api.com
98	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Microsoft Host Sercurity.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Microsoft Host Sercurity.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlitzedGrabberv12.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 35 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
3224	schtasks.exe
1516	schtasks.exe
2088	schtasks.exe
2428	schtasks.exe
2136	schtasks.exe
3348	schtasks.exe
1720	schtasks.exe
5084	schtasks.exe
4824	schtasks.exe
2136	schtasks.exe
2072	schtasks.exe
4588	schtasks.exe
2452	schtasks.exe
2728	schtasks.exe
1320	schtasks.exe
3652	schtasks.exe
1564	schtasks.exe
2584	schtasks.exe
3476	schtasks.exe
884	schtasks.exe
2780	schtasks.exe
2624	schtasks.exe
2260	schtasks.exe
3940	schtasks.exe
1720	schtasks.exe
4752	schtasks.exe
1552	schtasks.exe
4592	schtasks.exe
2648	schtasks.exe
1928	schtasks.exe
3968	schtasks.exe
1176	schtasks.exe
4824	schtasks.exe
2612	schtasks.exe
1620	schtasks.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1728	MICROSFT MSI.EXE
3084	MICROSFT MSI.EXE
1460	MICROSFT MSI.EXE
3376	MICROSFT MSI.EXE
3376	MICROSFT MSI.EXE

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2808	MICROSFT MSI.EXE
Token: SeDebugPrivilege	1728	MICROSFT MSI.EXE
Token: SeDebugPrivilege	4500	MICROSFT MSI.EXE
Token: SeDebugPrivilege	3084	MICROSFT MSI.EXE
Token: SeDebugPrivilege	376	MICROSFT MSI.EXE
Token: SeDebugPrivilege	1460	MICROSFT MSI.EXE
Token: SeDebugPrivilege	2388	MICROSFT MSI.EXE
Token: SeDebugPrivilege	3376	MICROSFT MSI.EXE
Token: SeDebugPrivilege	3044	MICROSFT MSI.EXE
Token: SeDebugPrivilege	736	MICROSFT MSI.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3292 wrote to memory of 1768	3292	BlitzedGrabberv12.exe	82
PID 3292 wrote to memory of 1768	3292	BlitzedGrabberv12.exe	82
PID 3292 wrote to memory of 1768	3292	BlitzedGrabberv12.exe	82
PID 3292 wrote to memory of 2808	3292	BlitzedGrabberv12.exe	83
PID 3292 wrote to memory of 2808	3292	BlitzedGrabberv12.exe	83
PID 3292 wrote to memory of 2808	3292	BlitzedGrabberv12.exe	83
PID 1768 wrote to memory of 1296	1768	BLITZEDGRABBERV12.EXE	84
PID 1768 wrote to memory of 1296	1768	BLITZEDGRABBERV12.EXE	84
PID 1768 wrote to memory of 1296	1768	BLITZEDGRABBERV12.EXE	84
PID 1768 wrote to memory of 4812	1768	BLITZEDGRABBERV12.EXE	85
PID 1768 wrote to memory of 4812	1768	BLITZEDGRABBERV12.EXE	85
PID 1768 wrote to memory of 4812	1768	BLITZEDGRABBERV12.EXE	85
PID 1296 wrote to memory of 1564	1296	BLITZEDGRABBERV12.EXE	87
PID 1296 wrote to memory of 1564	1296	BLITZEDGRABBERV12.EXE	87
PID 1296 wrote to memory of 1564	1296	BLITZEDGRABBERV12.EXE	87
PID 1296 wrote to memory of 1624	1296	BLITZEDGRABBERV12.EXE	88
PID 1296 wrote to memory of 1624	1296	BLITZEDGRABBERV12.EXE	88
PID 1296 wrote to memory of 1624	1296	BLITZEDGRABBERV12.EXE	88
PID 1564 wrote to memory of 968	1564	BLITZEDGRABBERV12.EXE	89
PID 1564 wrote to memory of 968	1564	BLITZEDGRABBERV12.EXE	89
PID 1564 wrote to memory of 968	1564	BLITZEDGRABBERV12.EXE	89
PID 1564 wrote to memory of 1472	1564	BLITZEDGRABBERV12.EXE	90
PID 1564 wrote to memory of 1472	1564	BLITZEDGRABBERV12.EXE	90
PID 1564 wrote to memory of 1472	1564	BLITZEDGRABBERV12.EXE	90
PID 968 wrote to memory of 2788	968	BLITZEDGRABBERV12.EXE	91
PID 968 wrote to memory of 2788	968	BLITZEDGRABBERV12.EXE	91
PID 968 wrote to memory of 2788	968	BLITZEDGRABBERV12.EXE	91
PID 968 wrote to memory of 648	968	BLITZEDGRABBERV12.EXE	92
PID 968 wrote to memory of 648	968	BLITZEDGRABBERV12.EXE	92
PID 968 wrote to memory of 648	968	BLITZEDGRABBERV12.EXE	92
PID 2788 wrote to memory of 2996	2788	BLITZEDGRABBERV12.EXE	93
PID 2788 wrote to memory of 2996	2788	BLITZEDGRABBERV12.EXE	93
PID 2788 wrote to memory of 2996	2788	BLITZEDGRABBERV12.EXE	93
PID 2788 wrote to memory of 3652	2788	BLITZEDGRABBERV12.EXE	233
PID 2788 wrote to memory of 3652	2788	BLITZEDGRABBERV12.EXE	233
PID 2788 wrote to memory of 3652	2788	BLITZEDGRABBERV12.EXE	233
PID 2996 wrote to memory of 3816	2996	BLITZEDGRABBERV12.EXE	185
PID 2996 wrote to memory of 3816	2996	BLITZEDGRABBERV12.EXE	185
PID 2996 wrote to memory of 3816	2996	BLITZEDGRABBERV12.EXE	185
PID 2996 wrote to memory of 1000	2996	BLITZEDGRABBERV12.EXE	213
PID 2996 wrote to memory of 1000	2996	BLITZEDGRABBERV12.EXE	213
PID 2996 wrote to memory of 1000	2996	BLITZEDGRABBERV12.EXE	213
PID 3816 wrote to memory of 3724	3816	BLITZEDGRABBERV12.EXE	98
PID 3816 wrote to memory of 3724	3816	BLITZEDGRABBERV12.EXE	98
PID 3816 wrote to memory of 3724	3816	BLITZEDGRABBERV12.EXE	98
PID 3816 wrote to memory of 472	3816	BLITZEDGRABBERV12.EXE	99
PID 3816 wrote to memory of 472	3816	BLITZEDGRABBERV12.EXE	99
PID 3816 wrote to memory of 472	3816	BLITZEDGRABBERV12.EXE	99
PID 3724 wrote to memory of 2780	3724	BLITZEDGRABBERV12.EXE	100
PID 3724 wrote to memory of 2780	3724	BLITZEDGRABBERV12.EXE	100
PID 3724 wrote to memory of 2780	3724	BLITZEDGRABBERV12.EXE	100
PID 3724 wrote to memory of 5068	3724	BLITZEDGRABBERV12.EXE	101
PID 3724 wrote to memory of 5068	3724	BLITZEDGRABBERV12.EXE	101
PID 3724 wrote to memory of 5068	3724	BLITZEDGRABBERV12.EXE	101
PID 2780 wrote to memory of 2432	2780	BLITZEDGRABBERV12.EXE	223
PID 2780 wrote to memory of 2432	2780	BLITZEDGRABBERV12.EXE	223
PID 2780 wrote to memory of 2432	2780	BLITZEDGRABBERV12.EXE	223
PID 2780 wrote to memory of 1728	2780	BLITZEDGRABBERV12.EXE	229
PID 2780 wrote to memory of 1728	2780	BLITZEDGRABBERV12.EXE	229
PID 2780 wrote to memory of 1728	2780	BLITZEDGRABBERV12.EXE	229
PID 2432 wrote to memory of 2008	2432	BLITZEDGRABBERV12.EXE	104
PID 2432 wrote to memory of 2008	2432	BLITZEDGRABBERV12.EXE	104
PID 2432 wrote to memory of 2008	2432	BLITZEDGRABBERV12.EXE	104
PID 2432 wrote to memory of 2480	2432	BLITZEDGRABBERV12.EXE	105

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberv12.exe
"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberv12.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3292
- C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
  "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1768
- - C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
    "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
      "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        6⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        7⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        8⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        9⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        10⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        11⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        12⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        13⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        14⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        15⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        16⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        17⤵
        Checks computer location settings
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        18⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        19⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        20⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        21⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        22⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        23⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        24⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        25⤵
        Checks computer location settings
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        26⤵
        Checks computer location settings
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        27⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        28⤵
        Checks computer location settings
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        29⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        30⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        31⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        32⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        33⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        34⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        35⤵
        Checks computer location settings
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        36⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        37⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        38⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        39⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        40⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        41⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        42⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        43⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        44⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        45⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        46⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        47⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        48⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        49⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        50⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        51⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        52⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        53⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        54⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        55⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        56⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        57⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        58⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        59⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        60⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        61⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        62⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        63⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        64⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        65⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        66⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        67⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        68⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        69⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        70⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        71⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        72⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        73⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        74⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        75⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        76⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        77⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        78⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        79⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        80⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        81⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        82⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        83⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        84⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        85⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        86⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        87⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        88⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        89⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        90⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        91⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        92⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        93⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        94⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        95⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        96⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        97⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        98⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        99⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        100⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        101⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        102⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        103⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        104⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        105⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        106⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        107⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        108⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        109⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        110⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        111⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        112⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        113⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        114⤵
        
        PID:100
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        115⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        116⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        117⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        118⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        119⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        120⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        121⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        122⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        123⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        124⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        125⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        126⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        127⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        128⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        129⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        130⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        131⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        132⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        133⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        134⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        135⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        136⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        137⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        138⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        139⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        140⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        141⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        142⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        143⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        144⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        145⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        146⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        147⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        148⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        149⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        150⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        151⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        152⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        153⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        154⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        155⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        156⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        157⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        158⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        159⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        160⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        161⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        162⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        163⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        164⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        165⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        166⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        167⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        168⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        169⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        170⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        171⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        172⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        173⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        174⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        175⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        176⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        177⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        178⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        179⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        180⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        181⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        182⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        183⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        184⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        185⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        186⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        187⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        188⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        189⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        190⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        191⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        192⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        193⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        194⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        195⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        196⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        197⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        198⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        199⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        200⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        201⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        202⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        203⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        204⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        205⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        206⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        207⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        208⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        209⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        210⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        211⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        212⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        213⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        214⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        215⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        216⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        217⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        218⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        219⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        220⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        221⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        222⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        223⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        224⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        225⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        226⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        227⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        228⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        229⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        230⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        231⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        232⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        233⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        234⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        235⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        236⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        237⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        238⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        239⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        240⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        241⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        242⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        243⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        244⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        245⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        246⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        247⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        248⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        249⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        250⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        251⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        252⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        253⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        254⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        255⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        256⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        257⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        258⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        259⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        260⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        261⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        262⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        263⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        264⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        265⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        266⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        267⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        268⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        269⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        270⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        271⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        272⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        273⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        274⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        275⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        276⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        277⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        278⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        279⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        280⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        281⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        282⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        283⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        284⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        285⤵
        
        PID:188
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        286⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        287⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        288⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        289⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        290⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        291⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        292⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        293⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        294⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        295⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        296⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        297⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        298⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        299⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        300⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        301⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        302⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        303⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        304⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        305⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        306⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        307⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        308⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        309⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        310⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        311⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        312⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        313⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        314⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        315⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        316⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        317⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        318⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        319⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        320⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        321⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        322⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        323⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        324⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        325⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        326⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        327⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        328⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        329⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        330⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        331⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        332⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        333⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        334⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        335⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        336⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        337⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        338⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        338⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        337⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        336⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        335⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        334⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        333⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        332⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        331⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        330⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        329⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        328⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        327⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        326⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        325⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        326⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4752
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        326⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        324⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        323⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        322⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        321⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        320⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        319⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        320⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2728
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        320⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        318⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        317⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        316⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        315⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        314⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        313⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        312⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        311⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        310⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        311⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1720
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        311⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        309⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        308⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        307⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        308⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4592
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        308⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        306⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        305⤵
        
        PID:564
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        306⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1516
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        306⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        304⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        303⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        302⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        301⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        300⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        299⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        300⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2452
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        300⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        298⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        297⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        296⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        295⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        294⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        295⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1720
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        295⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        293⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        292⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        291⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        290⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        289⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        288⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        287⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        286⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        285⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        284⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        283⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        284⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2624
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        284⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        282⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        281⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        280⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        279⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        278⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        277⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        276⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        275⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        274⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        273⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        272⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        271⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        270⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        269⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        268⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        267⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        266⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        265⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        264⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        263⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        262⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        261⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        260⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        259⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        258⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        257⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        256⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        257⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3652
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        257⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        255⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        254⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        253⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        252⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        251⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        250⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        249⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        248⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        247⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        246⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        245⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        244⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        243⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        242⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        241⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        240⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        239⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        238⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        237⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        236⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        235⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        234⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        233⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        232⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        231⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        232⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3224
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        232⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        230⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        229⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        228⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        227⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        226⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        225⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        224⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        223⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        222⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        221⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        220⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        219⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        218⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        217⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        216⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        215⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        214⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        213⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        212⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        211⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        210⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        209⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        208⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        207⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        206⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        207⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1552
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        207⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        205⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        204⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        203⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        202⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        201⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        200⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        199⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        198⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        197⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        196⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        195⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        194⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        193⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        192⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        191⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        190⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        189⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        188⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        187⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        186⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        185⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        184⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        183⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        182⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        181⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        182⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2136
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        182⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        180⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        179⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        180⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2780
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        180⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        178⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        177⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        176⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        175⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        174⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        173⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        172⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        171⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        172⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1928
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        172⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        170⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        169⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        168⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        167⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        166⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        167⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2136
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        168⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        167⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        165⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        164⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        165⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3348
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        165⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        163⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        162⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        163⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4824
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        163⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        161⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        160⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        159⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        158⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        157⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        158⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2428
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        158⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        156⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        155⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        156⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4588
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        156⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        154⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        153⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        152⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        151⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        152⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4824
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        152⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        150⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        149⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        148⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        147⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        146⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        145⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        144⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        143⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        142⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        141⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        140⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        139⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        138⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        137⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        136⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        135⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        134⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        133⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        132⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        131⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        130⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        129⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        128⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        127⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        126⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        125⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        124⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        125⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:884
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        125⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        123⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        122⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        121⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        120⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        119⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        118⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        117⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        116⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        115⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        114⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        113⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        112⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        111⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        110⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        109⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        108⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        107⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        106⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        105⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        104⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        103⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        102⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        101⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        100⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        101⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2088
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        101⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        99⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        98⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        97⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        96⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        95⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        94⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        93⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        92⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        91⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        90⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        89⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        88⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        87⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        86⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        85⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        84⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        83⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        82⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        81⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        80⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        79⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        78⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        77⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        78⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1320
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        78⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        76⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        75⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        74⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        73⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        72⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        71⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        70⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        69⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        68⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        67⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        66⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        65⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        64⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        63⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        62⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        61⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        60⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        59⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        58⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        57⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        56⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        55⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        54⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        53⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        54⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3476
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        54⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        52⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        51⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        50⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        49⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        48⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        49⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1564
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        49⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        47⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        46⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        45⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        44⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        43⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        44⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3968
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        44⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        42⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        41⤵
        
        PID:968
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        42⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2584
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        42⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        40⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        39⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        38⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        37⤵
        Executes dropped EXE
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        36⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1920
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        37⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1620
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        37⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        35⤵
        Executes dropped EXE
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        34⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        33⤵
        Executes dropped EXE
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        32⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:736
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        33⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1176
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        33⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        31⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        30⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        29⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:3044
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        30⤵
        System Location Discovery: System Language Discovery
        Scheduled Task/Job: Scheduled Task
        
        PID:5084
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        30⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        28⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        27⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3376
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        28⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3940
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        28⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        26⤵
        Executes dropped EXE
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        25⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2388
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        26⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2648
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        26⤵
        Executes dropped EXE
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        24⤵
        Executes dropped EXE
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        23⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        22⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        21⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        20⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:376
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        21⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2072
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        21⤵
        Executes dropped EXE
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        19⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        18⤵
        Executes dropped EXE
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        17⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        16⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        14⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:4500
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        15⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2260
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        12⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        11⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        10⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:648
    - - C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
      "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1624
- - C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
    "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
    3⤵
    - Executes dropped EXE
    PID:4812
- C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
  "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2808
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:2612
- - C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
    "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
    3⤵
    - Executes dropped EXE
    PID:5088

C:\Windows\System32\smartscreen.exe
C:\Windows\System32\smartscreen.exe -Embedding
1⤵
PID:3816

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:1864

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3676

C:\Windows\System32\uow8ys.exe
"C:\Windows\System32\uow8ys.exe"
1⤵
PID:4264

C:\Windows\System32\uow8ys.exe
"C:\Windows\System32\uow8ys.exe"
1⤵
PID:3436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MICROSFT MSI.EXE.log

Filesize
701B

MD5
b8f25807f2c2d5d9f1b724c5c1fbebd9

SHA1
f97aca350fdee3994376fb49c075f6b992504758

SHA256
e2281b4d79ea1305d702fc3ae3d9d78f51fbafd7e32480f545cc2fc5ae0e4537

SHA512
f97b860992024b69544f685465894ff9125a9fa7ee480b97288f9545acba2a80dd5dbd0b14e7463348503bbf65863ccd71fa94efc57350ffb8744c7a9e0ba392

Download Submit
C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE

Filesize
595KB

MD5
475691016468352b8ad3479ba2cd4c60

SHA1
a8f10d2cb1f39a3a0c192a9b95dc9dffbc8dc41f

SHA256
9f8dbd40c87855601f86a8950aea9b737fbe8e8a53c3e007bafb4c07df9f7415

SHA512
40ef05d47760cb5e528678a69c8f3342529a1a60f9a850179613a5556f0f83b5fa12834ec9ae40b63219a3815b1346434911bc21b6863dcd545ee68103f14241

Download Submit
memory/1864-85-0x0000021F8E670000-0x0000021F8E671000-memory.dmp

Filesize
4KB

Download
memory/1864-76-0x0000021F8E670000-0x0000021F8E671000-memory.dmp

Filesize
4KB

Download
memory/1864-77-0x0000021F8E670000-0x0000021F8E671000-memory.dmp

Filesize
4KB

Download
memory/1864-78-0x0000021F8E670000-0x0000021F8E671000-memory.dmp

Filesize
4KB

Download
memory/1864-82-0x0000021F8E670000-0x0000021F8E671000-memory.dmp

Filesize
4KB

Download
memory/1864-83-0x0000021F8E670000-0x0000021F8E671000-memory.dmp

Filesize
4KB

Download
memory/1864-84-0x0000021F8E670000-0x0000021F8E671000-memory.dmp

Filesize
4KB

Download
memory/1864-88-0x0000021F8E670000-0x0000021F8E671000-memory.dmp

Filesize
4KB

Download
memory/1864-87-0x0000021F8E670000-0x0000021F8E671000-memory.dmp

Filesize
4KB

Download
memory/1864-86-0x0000021F8E670000-0x0000021F8E671000-memory.dmp

Filesize
4KB

Download
memory/2808-32-0x0000000006700000-0x000000000673C000-memory.dmp

Filesize
240KB

Download
memory/2808-27-0x00000000059D0000-0x00000000059E2000-memory.dmp

Filesize
72KB

Download
memory/2808-21-0x0000000005540000-0x00000000055A6000-memory.dmp

Filesize
408KB

Download
memory/2808-17-0x0000000005A50000-0x0000000005FF6000-memory.dmp

Filesize
5.6MB

Download
memory/2808-16-0x0000000000A20000-0x0000000000ABC000-memory.dmp

Filesize
624KB

Download
memory/2808-14-0x0000000073BDE000-0x0000000073BDF000-memory.dmp

Filesize
4KB

Download
memory/4812-18-0x00000000058C0000-0x0000000005952000-memory.dmp

Filesize
584KB

Download