quasar | 3b799ee29671b1b68432091b967388e438861c4046fca8f7091c76ea921bd57b

Analysis

max time kernel
27s
max time network
157s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
04-02-2025 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlitzedGrabberv12.exe
Size

2.6MB
MD5

077d284a18b1b27ce1b060f2fb181f51
SHA1

ed1ab2f545948d464cb01cb91c70fbb15a7b5dc5
SHA256

3b799ee29671b1b68432091b967388e438861c4046fca8f7091c76ea921bd57b
SHA512

3dc6e525e0cdb738084d1150230ae0389cd9f82c27e416ea2a334831013c124964f5cfbcf96911b15eb965e2dd8f7b5dbaec62966a7d3316c921359f2173cda2
SSDEEP

49152:S3mAznU4n9t2ELj18p4BDifoM83ig9Apl14yGMde+4c5coSskn:SQ49wi73fWc+dL4c5cZn

Score

10^/10

quasar blitzed discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Blitzed

37.19.210.35:57736

Mutex

Blitzed_MUTEX_MV3expVHRYMXXFRcx7

Attributes

encryption_key
hNyQQlS3eTiBt1nViS6y
install_name
Microsoft Host Sercurity.exe
log_directory
Keys
reconnect_delay
3000
startup_key
Windows Security Notification
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral2/files/0x0009000000029eea-4.dat	family_quasar
behavioral2/memory/3232-13-0x0000000000110000-0x00000000001AC000-memory.dmp	family_quasar

Blocklisted process makes network request 1 IoCs

flow	pid	Process
17	3392	MICROSFT MSI.EXE

Executes dropped EXE 64 IoCs

pid	Process
3232	MICROSFT MSI.EXE
3956	MICROSFT MSI.EXE
1104	MICROSFT MSI.EXE
4164	MICROSFT MSI.EXE
2040	MICROSFT MSI.EXE
3828	MICROSFT MSI.EXE
4812	MICROSFT MSI.EXE
4388	MICROSFT MSI.EXE
4276	MICROSFT MSI.EXE
1696	Microsoft Host Sercurity.exe
3808	MICROSFT MSI.EXE
868	MICROSFT MSI.EXE
436	MICROSFT MSI.EXE
3908	MICROSFT MSI.EXE
3616	MICROSFT MSI.EXE
4868	Microsoft Host Sercurity.exe
2488	MICROSFT MSI.EXE
1676	MICROSFT MSI.EXE
5068	MICROSFT MSI.EXE
4588	MICROSFT MSI.EXE
2764	MICROSFT MSI.EXE
3484	Microsoft Host Sercurity.exe
8	MICROSFT MSI.EXE
2692	MICROSFT MSI.EXE
1036	MICROSFT MSI.EXE
2400	MICROSFT MSI.EXE
4892	MICROSFT MSI.EXE
4368	Microsoft Host Sercurity.exe
1468	MICROSFT MSI.EXE
1628	MICROSFT MSI.EXE
5052	MICROSFT MSI.EXE
4932	MICROSFT MSI.EXE
5108	Microsoft Host Sercurity.exe
4888	MICROSFT MSI.EXE
896	MICROSFT MSI.EXE
952	MICROSFT MSI.EXE
1836	MICROSFT MSI.EXE
1368	Microsoft Host Sercurity.exe
1724	MICROSFT MSI.EXE
1356	MICROSFT MSI.EXE
3392	MICROSFT MSI.EXE
3024	MICROSFT MSI.EXE
416	MICROSFT MSI.EXE
4228	Microsoft Host Sercurity.exe
2676	MICROSFT MSI.EXE
3368	MICROSFT MSI.EXE
3216	MICROSFT MSI.EXE
4828	MICROSFT MSI.EXE
3400	Microsoft Host Sercurity.exe
2308	MICROSFT MSI.EXE
4512	MICROSFT MSI.EXE
1616	MICROSFT MSI.EXE
3444	Microsoft Host Sercurity.exe
896	MICROSFT MSI.EXE
3008	Microsoft Host Sercurity.exe
1156	MICROSFT MSI.EXE
2780	MICROSFT MSI.EXE
2076	MICROSFT MSI.EXE
4156	MICROSFT MSI.EXE
4228	MICROSFT MSI.EXE
2220	MICROSFT MSI.EXE
1216	MICROSFT MSI.EXE
548	MICROSFT MSI.EXE
4860	MICROSFT MSI.EXE

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ip-api.com
3	api.ipify.org
29	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Microsoft Host Sercurity.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlitzedGrabberv12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Microsoft Host Sercurity.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Microsoft Host Sercurity.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Microsoft Host Sercurity.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BLITZEDGRABBERV12.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MICROSFT MSI.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 36 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1572	schtasks.exe
868	schtasks.exe
2076	schtasks.exe
4416	schtasks.exe
5060	schtasks.exe
1764	schtasks.exe
3392	schtasks.exe
3600	schtasks.exe
3008	schtasks.exe
1140	schtasks.exe
4124	schtasks.exe
3860	schtasks.exe
3568	schtasks.exe
2836	schtasks.exe
4896	schtasks.exe
480	schtasks.exe
3432	schtasks.exe
1380	schtasks.exe
2528	schtasks.exe
568	schtasks.exe
1812	schtasks.exe
3068	schtasks.exe
1528	schtasks.exe
4180	schtasks.exe
2256	schtasks.exe
1404	schtasks.exe
3504	schtasks.exe
2264	schtasks.exe
3908	schtasks.exe
2056	schtasks.exe
3136	schtasks.exe
4292	schtasks.exe
1632	schtasks.exe
2996	schtasks.exe
4276	schtasks.exe
1640	schtasks.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3828	MICROSFT MSI.EXE
3808	MICROSFT MSI.EXE
1676	MICROSFT MSI.EXE
2692	MICROSFT MSI.EXE
1468	MICROSFT MSI.EXE
4888	MICROSFT MSI.EXE
1724	MICROSFT MSI.EXE
416	MICROSFT MSI.EXE
4828	MICROSFT MSI.EXE
4512	MICROSFT MSI.EXE

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeDebugPrivilege	3232	MICROSFT MSI.EXE
Token: SeDebugPrivilege	3828	MICROSFT MSI.EXE
Token: SeDebugPrivilege	4388	MICROSFT MSI.EXE
Token: SeDebugPrivilege	3808	MICROSFT MSI.EXE
Token: SeDebugPrivilege	436	MICROSFT MSI.EXE
Token: SeDebugPrivilege	1676	MICROSFT MSI.EXE
Token: SeDebugPrivilege	4588	MICROSFT MSI.EXE
Token: SeDebugPrivilege	2692	MICROSFT MSI.EXE
Token: SeDebugPrivilege	1036	MICROSFT MSI.EXE
Token: SeDebugPrivilege	1468	MICROSFT MSI.EXE
Token: SeDebugPrivilege	5052	MICROSFT MSI.EXE
Token: SeDebugPrivilege	4888	MICROSFT MSI.EXE
Token: SeDebugPrivilege	952	MICROSFT MSI.EXE
Token: SeDebugPrivilege	1724	MICROSFT MSI.EXE
Token: SeDebugPrivilege	3392	MICROSFT MSI.EXE
Token: SeDebugPrivilege	416	MICROSFT MSI.EXE
Token: SeDebugPrivilege	3368	MICROSFT MSI.EXE
Token: SeDebugPrivilege	4828	MICROSFT MSI.EXE
Token: SeDebugPrivilege	4512	MICROSFT MSI.EXE
Token: SeDebugPrivilege	1156	MICROSFT MSI.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 4848	896	BlitzedGrabberv12.exe	77
PID 896 wrote to memory of 4848	896	BlitzedGrabberv12.exe	77
PID 896 wrote to memory of 4848	896	BlitzedGrabberv12.exe	77
PID 896 wrote to memory of 3232	896	BlitzedGrabberv12.exe	78
PID 896 wrote to memory of 3232	896	BlitzedGrabberv12.exe	78
PID 896 wrote to memory of 3232	896	BlitzedGrabberv12.exe	78
PID 4848 wrote to memory of 4852	4848	BLITZEDGRABBERV12.EXE	79
PID 4848 wrote to memory of 4852	4848	BLITZEDGRABBERV12.EXE	79
PID 4848 wrote to memory of 4852	4848	BLITZEDGRABBERV12.EXE	79
PID 4848 wrote to memory of 3956	4848	BLITZEDGRABBERV12.EXE	80
PID 4848 wrote to memory of 3956	4848	BLITZEDGRABBERV12.EXE	80
PID 4848 wrote to memory of 3956	4848	BLITZEDGRABBERV12.EXE	80
PID 4852 wrote to memory of 720	4852	BLITZEDGRABBERV12.EXE	81
PID 4852 wrote to memory of 720	4852	BLITZEDGRABBERV12.EXE	81
PID 4852 wrote to memory of 720	4852	BLITZEDGRABBERV12.EXE	81
PID 4852 wrote to memory of 1104	4852	BLITZEDGRABBERV12.EXE	82
PID 4852 wrote to memory of 1104	4852	BLITZEDGRABBERV12.EXE	82
PID 4852 wrote to memory of 1104	4852	BLITZEDGRABBERV12.EXE	82
PID 720 wrote to memory of 3772	720	BLITZEDGRABBERV12.EXE	83
PID 720 wrote to memory of 3772	720	BLITZEDGRABBERV12.EXE	83
PID 720 wrote to memory of 3772	720	BLITZEDGRABBERV12.EXE	83
PID 720 wrote to memory of 4164	720	BLITZEDGRABBERV12.EXE	84
PID 720 wrote to memory of 4164	720	BLITZEDGRABBERV12.EXE	84
PID 720 wrote to memory of 4164	720	BLITZEDGRABBERV12.EXE	84
PID 3772 wrote to memory of 3876	3772	BLITZEDGRABBERV12.EXE	85
PID 3772 wrote to memory of 3876	3772	BLITZEDGRABBERV12.EXE	85
PID 3772 wrote to memory of 3876	3772	BLITZEDGRABBERV12.EXE	85
PID 3772 wrote to memory of 2040	3772	BLITZEDGRABBERV12.EXE	86
PID 3772 wrote to memory of 2040	3772	BLITZEDGRABBERV12.EXE	86
PID 3772 wrote to memory of 2040	3772	BLITZEDGRABBERV12.EXE	86
PID 3876 wrote to memory of 2264	3876	BLITZEDGRABBERV12.EXE	88
PID 3876 wrote to memory of 2264	3876	BLITZEDGRABBERV12.EXE	88
PID 3876 wrote to memory of 2264	3876	BLITZEDGRABBERV12.EXE	88
PID 3876 wrote to memory of 3828	3876	BLITZEDGRABBERV12.EXE	89
PID 3876 wrote to memory of 3828	3876	BLITZEDGRABBERV12.EXE	89
PID 3876 wrote to memory of 3828	3876	BLITZEDGRABBERV12.EXE	89
PID 2264 wrote to memory of 4060	2264	BLITZEDGRABBERV12.EXE	90
PID 2264 wrote to memory of 4060	2264	BLITZEDGRABBERV12.EXE	90
PID 2264 wrote to memory of 4060	2264	BLITZEDGRABBERV12.EXE	90
PID 2264 wrote to memory of 4812	2264	BLITZEDGRABBERV12.EXE	91
PID 2264 wrote to memory of 4812	2264	BLITZEDGRABBERV12.EXE	91
PID 2264 wrote to memory of 4812	2264	BLITZEDGRABBERV12.EXE	91
PID 4060 wrote to memory of 1036	4060	BLITZEDGRABBERV12.EXE	130
PID 4060 wrote to memory of 1036	4060	BLITZEDGRABBERV12.EXE	130
PID 4060 wrote to memory of 1036	4060	BLITZEDGRABBERV12.EXE	130
PID 4060 wrote to memory of 4388	4060	BLITZEDGRABBERV12.EXE	93
PID 4060 wrote to memory of 4388	4060	BLITZEDGRABBERV12.EXE	93
PID 4060 wrote to memory of 4388	4060	BLITZEDGRABBERV12.EXE	93
PID 3232 wrote to memory of 4180	3232	MICROSFT MSI.EXE	94
PID 3232 wrote to memory of 4180	3232	MICROSFT MSI.EXE	94
PID 3232 wrote to memory of 4180	3232	MICROSFT MSI.EXE	94
PID 1036 wrote to memory of 4224	1036	BLITZEDGRABBERV12.EXE	96
PID 1036 wrote to memory of 4224	1036	BLITZEDGRABBERV12.EXE	96
PID 1036 wrote to memory of 4224	1036	BLITZEDGRABBERV12.EXE	96
PID 1036 wrote to memory of 4276	1036	BLITZEDGRABBERV12.EXE	97
PID 1036 wrote to memory of 4276	1036	BLITZEDGRABBERV12.EXE	97
PID 1036 wrote to memory of 4276	1036	BLITZEDGRABBERV12.EXE	97
PID 3232 wrote to memory of 1696	3232	MICROSFT MSI.EXE	98
PID 3232 wrote to memory of 1696	3232	MICROSFT MSI.EXE	98
PID 3232 wrote to memory of 1696	3232	MICROSFT MSI.EXE	98
PID 4224 wrote to memory of 2736	4224	BLITZEDGRABBERV12.EXE	99
PID 4224 wrote to memory of 2736	4224	BLITZEDGRABBERV12.EXE	99
PID 4224 wrote to memory of 2736	4224	BLITZEDGRABBERV12.EXE	99
PID 4224 wrote to memory of 3808	4224	BLITZEDGRABBERV12.EXE	100

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberv12.exe
"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberv12.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:896
- C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
  "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4848
- - C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
    "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
      "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:720
    - - C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        8⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        9⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        11⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        15⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        16⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        17⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        18⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        20⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        22⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        23⤵
        System Location Discovery: System Language Discovery
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        24⤵
        System Location Discovery: System Language Discovery
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        25⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        26⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        27⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        28⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        29⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        30⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        31⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        32⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        33⤵
        System Location Discovery: System Language Discovery
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        34⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        35⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        36⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        38⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        39⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        40⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        41⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        42⤵
        System Location Discovery: System Language Discovery
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        43⤵
        System Location Discovery: System Language Discovery
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        44⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        45⤵
        System Location Discovery: System Language Discovery
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        46⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        47⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        48⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        49⤵
        System Location Discovery: System Language Discovery
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        50⤵
        System Location Discovery: System Language Discovery
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        51⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        52⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        53⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        54⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        55⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        56⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        57⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        58⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        59⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        60⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        61⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        62⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        63⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        64⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        65⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        66⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        67⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        68⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        69⤵
        
        PID:416
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        70⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        71⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        72⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        73⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        74⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        75⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        76⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        77⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        78⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        79⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        80⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        81⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        82⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        83⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        84⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        85⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        86⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        87⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        88⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        89⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        90⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        91⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        92⤵
        
        PID:416
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        93⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        94⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        95⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        96⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        97⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        98⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        99⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        100⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        101⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        102⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        103⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        104⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        105⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        106⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        107⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        108⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        109⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        110⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        111⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        112⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        113⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        114⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        115⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        116⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        117⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        118⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        119⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        120⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        121⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        122⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        123⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        124⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        125⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        126⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        127⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        128⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        129⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        130⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        131⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        132⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        133⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        134⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        135⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        136⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        137⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        138⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        139⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        140⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        141⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        142⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        143⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        144⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        145⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        146⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        147⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        148⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        149⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        150⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        151⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        152⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        153⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        154⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        155⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        156⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        157⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        158⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        159⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        160⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        161⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        162⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        163⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        164⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        165⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        166⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        167⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        168⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        169⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        170⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        171⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        172⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        173⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        174⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        175⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        176⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        177⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        178⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        179⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        180⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        181⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        182⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        183⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        184⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        185⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        186⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        187⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        188⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        189⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        190⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        191⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        192⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        193⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        194⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        195⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        196⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        197⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        198⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        199⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        200⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        201⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        202⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        203⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        204⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        205⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        206⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        207⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        208⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        209⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        210⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        211⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        212⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        213⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        214⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        215⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        216⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        217⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        218⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        219⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        220⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        221⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        222⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        223⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        224⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        225⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        226⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        227⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        228⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        229⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        230⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        231⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        232⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        233⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        234⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        235⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        236⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        237⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        238⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        239⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        240⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        241⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        242⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        243⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        244⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        245⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        246⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        247⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        248⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        249⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        250⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        251⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        252⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        253⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        254⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        255⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        256⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        257⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        258⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        259⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        260⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        261⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        262⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        263⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        264⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        265⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        266⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        267⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        268⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        269⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        270⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        271⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        272⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        273⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        274⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        275⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        276⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        277⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        278⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        279⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        280⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        281⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        282⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        283⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        284⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        285⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        286⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        287⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        288⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        289⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        290⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        291⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        292⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        293⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        294⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        295⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        296⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        297⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        298⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        299⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        300⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        301⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        302⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        303⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        304⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        305⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        306⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        307⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        308⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        309⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        310⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        311⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        312⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        313⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        314⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        315⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        316⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        317⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        318⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        319⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        320⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        321⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        322⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        323⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        324⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        325⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BLITZEDGRABBERV12.EXE"
        326⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        326⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        325⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        324⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        323⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        322⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        321⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        320⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        319⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        318⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        317⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        316⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        315⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        314⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        313⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        312⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        311⤵
        
        PID:948
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        312⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4292
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        312⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        310⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        309⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        308⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        307⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        308⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1640
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        308⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        306⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        305⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        306⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1528
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        306⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        304⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        303⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        302⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        303⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1380
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        303⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        301⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        300⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        299⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        298⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        297⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        296⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        295⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        296⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3136
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        296⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        294⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        293⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        294⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:480
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        294⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        292⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        291⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        290⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        289⤵
        
        PID:236
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        290⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3432
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        290⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        288⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        287⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        286⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        287⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3068
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        287⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        285⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        284⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        283⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        284⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2056
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        284⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        282⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        281⤵
        
        PID:424
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        280⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        279⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        278⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        277⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        276⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        275⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        274⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        273⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        272⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        271⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        270⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        269⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        270⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4276
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        270⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        268⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        267⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        266⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        265⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        264⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        263⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        262⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        261⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        260⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        259⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        258⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        257⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        256⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        255⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        254⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        253⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        252⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        251⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        250⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        249⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        248⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        247⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        246⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        247⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4124
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        247⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        245⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        244⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        243⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        242⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        241⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        240⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        239⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        238⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        237⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        236⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        235⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        234⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        233⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        232⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        231⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        230⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        229⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        228⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        227⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        226⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        225⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        224⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        223⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        222⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        223⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3908
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        224⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        223⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        221⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        220⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        219⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        218⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        217⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        216⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        215⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        214⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        213⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        212⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        211⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        210⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        209⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        208⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        207⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        206⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        205⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        204⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        203⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        202⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        201⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        200⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        199⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        198⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        197⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        196⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        197⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2264
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        197⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        195⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        194⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        193⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        192⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        191⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        190⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        189⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        188⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        187⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        186⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        185⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        184⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        183⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        182⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        181⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        180⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        179⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        178⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        177⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        176⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        175⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        174⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        173⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        174⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3392
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        174⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        172⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        171⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        172⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1812
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        172⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        170⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        169⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        168⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        169⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2996
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        169⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        167⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        166⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        165⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        164⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        163⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        164⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2528
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        164⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        162⤵
        
        PID:416
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        161⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        162⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4896
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        162⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        160⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        159⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        158⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        159⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3504
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        159⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        157⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        156⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        155⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        154⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        153⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        154⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1764
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        154⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        152⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        151⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        150⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        149⤵
        
        PID:412
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        150⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4416
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        150⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        148⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        147⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        146⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        145⤵
        
        PID:720
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        146⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1140
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        146⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        144⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        143⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        142⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        141⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        140⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        139⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        138⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        137⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        136⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        135⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        134⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        133⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        132⤵
        
        PID:424
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        131⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        130⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        129⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        128⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        127⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        126⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        125⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        124⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        123⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        122⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        121⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        120⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        119⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        120⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3008
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        120⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        118⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        117⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        116⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        115⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        114⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        113⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        112⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        111⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        110⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        109⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        108⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        107⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        106⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        105⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        104⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        103⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        102⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        101⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        100⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        99⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        98⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        97⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        96⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        97⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:5060
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        97⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        95⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        94⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        93⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        92⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        91⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        90⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        89⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        88⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        87⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        86⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        85⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        84⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        83⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        82⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        81⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        80⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        79⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        78⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        77⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        76⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        75⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        74⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        73⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        72⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        73⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2836
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        73⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        71⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        70⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        69⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        68⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        67⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        66⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        65⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        64⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        63⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        62⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        61⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        60⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        59⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        58⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        57⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        56⤵
        System Location Discovery: System Language Discovery
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        55⤵
        Executes dropped EXE
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        54⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        53⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        52⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        51⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        50⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        49⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        48⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        47⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1156
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        48⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3600
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        48⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        46⤵
        Executes dropped EXE
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        45⤵
        Executes dropped EXE
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        44⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        43⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        42⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        41⤵
        Executes dropped EXE
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        40⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3368
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        41⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1404
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        41⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        39⤵
        Executes dropped EXE
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        38⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:416
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        37⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        36⤵
        Blocklisted process makes network request
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3392
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        37⤵
        System Location Discovery: System Language Discovery
        Scheduled Task/Job: Scheduled Task
        
        PID:3568
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        37⤵
        Executes dropped EXE
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        35⤵
        Executes dropped EXE
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        34⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        32⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:952
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        33⤵
        System Location Discovery: System Language Discovery
        Scheduled Task/Job: Scheduled Task
        
        PID:2076
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        31⤵
        Executes dropped EXE
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        30⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4888
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        31⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:568
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        31⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        29⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        28⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5052
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        29⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1632
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        29⤵
        Executes dropped EXE
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        27⤵
        Executes dropped EXE
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        26⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        25⤵
        Executes dropped EXE
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        24⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        23⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1036
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        24⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:868
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        24⤵
        Executes dropped EXE
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        22⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        21⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        20⤵
        Executes dropped EXE
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        19⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:4588
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        20⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2256
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        20⤵
        Executes dropped EXE
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        18⤵
        Executes dropped EXE
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        17⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        16⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        14⤵
        Executes dropped EXE
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:436
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        14⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3860
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        14⤵
        Executes dropped EXE
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        12⤵
        Executes dropped EXE
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        11⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        10⤵
        Executes dropped EXE
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4388
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
        10⤵
        System Location Discovery: System Language Discovery
        Scheduled Task/Job: Scheduled Task
        
        PID:1572
        
        C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
        10⤵
        Executes dropped EXE
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
      "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
      4⤵
      Executes dropped EXE
      PID:1104
- - C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
    "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
    3⤵
    - Executes dropped EXE
    PID:3956
- C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE
  "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3232
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks" /create /tn "Windows Security Notification" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4180
- - C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe
    "C:\Users\Admin\AppData\Roaming\SubDir\Microsoft Host Sercurity.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MICROSFT MSI.EXE.log

Filesize
701B

MD5
a0c99cab2d0348a3d06a8ed2ac281be9

SHA1
abe85b62a3e758c71585a0be2ca133f4928d8242

SHA256
ed6940279bac21a6da297553ce2fc88d123c45428326418531c922d3c8bd4959

SHA512
19d2d3004fba1debe3ef7df8c7705fe50ef7174f64d1899464005b34840c95f1a9d02b8de3cf7f0a3ee8a303182a1b4a0186e69252c6a133ba7c355235ecd46b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MICROSFT MSI.EXE

Filesize
595KB

MD5
475691016468352b8ad3479ba2cd4c60

SHA1
a8f10d2cb1f39a3a0c192a9b95dc9dffbc8dc41f

SHA256
9f8dbd40c87855601f86a8950aea9b737fbe8e8a53c3e007bafb4c07df9f7415

SHA512
40ef05d47760cb5e528678a69c8f3342529a1a60f9a850179613a5556f0f83b5fa12834ec9ae40b63219a3815b1346434911bc21b6863dcd545ee68103f14241

Download Submit
memory/3232-11-0x000000007309E000-0x000000007309F000-memory.dmp

Filesize
4KB

Download
memory/3232-13-0x0000000000110000-0x00000000001AC000-memory.dmp

Filesize
624KB

Download
memory/3232-21-0x00000000050B0000-0x00000000050C2000-memory.dmp

Filesize
72KB

Download
memory/3232-26-0x0000000005DB0000-0x0000000005DEC000-memory.dmp

Filesize
240KB

Download
memory/3956-14-0x0000000005530000-0x0000000005AD6000-memory.dmp

Filesize
5.6MB

Download
memory/3956-16-0x0000000005020000-0x00000000050B2000-memory.dmp

Filesize
584KB

Download
memory/3956-17-0x00000000050C0000-0x0000000005126000-memory.dmp

Filesize
408KB

Download