52f0c3471e31cea46fd5776acf896e557c3da55dc8966349b3939c51e3b6b82d

Analysis

max time kernel
126s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Virus.Danger.ATA_virussign.com_b050247ddb99e9969eabeba8b76eb491.exe
Size

1.2MB
MD5

b050247ddb99e9969eabeba8b76eb491
SHA1

f899f777ee2827f7dc997dba67681936835acb3d
SHA256

52f0c3471e31cea46fd5776acf896e557c3da55dc8966349b3939c51e3b6b82d
SHA512

a909645475030ddf5f07853a7d6315dce996738d662539757c3fbe4e19c4c153e120e8add7ae6ff1532e6e56160c7acd1b13d63eba5e65a1943d5954211d438e
SSDEEP

24576:xtb20pkaCqT5TBWgNQ7ay2js14tXE/D1Si5EGjN6A:CVg5tQ7ay2j9ED+GB5

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\poufs.vbs	poufs.exe

Executes dropped EXE 64 IoCs

pid	Process
2600	poufs.exe
2592	poufs.exe
2504	poufs.exe
2536	poufs.exe
3016	poufs.exe
996	poufs.exe
2800	poufs.exe
2928	poufs.exe
2168	poufs.exe
1540	poufs.exe
2444	poufs.exe
1476	poufs.exe
928	poufs.exe
2312	poufs.exe
2864	poufs.exe
3028	poufs.exe
2880	poufs.exe
2308	poufs.exe
2280	poufs.exe
2256	poufs.exe
2816	poufs.exe
2360	poufs.exe
1964	poufs.exe
1428	poufs.exe
2000	poufs.exe
2708	poufs.exe
2696	poufs.exe
2688	poufs.exe
2492	poufs.exe
2632	poufs.exe
2580	poufs.exe
1860	poufs.exe
1408	poufs.exe
2812	poufs.exe
2904	poufs.exe
1568	poufs.exe
1548	poufs.exe
1960	poufs.exe
1780	poufs.exe
1580	poufs.exe
1552	poufs.exe
2388	poufs.exe
696	poufs.exe
1248	poufs.exe
1128	poufs.exe
1952	poufs.exe
1700	poufs.exe
1836	poufs.exe
2248	poufs.exe
1880	poufs.exe
1464	poufs.exe
2208	poufs.exe
1636	poufs.exe
2620	poufs.exe
1036	poufs.exe
1612	poufs.exe
536	poufs.exe
1416	poufs.exe
2948	poufs.exe
2216	poufs.exe
1992	poufs.exe
2296	poufs.exe
1456	poufs.exe
2352	poufs.exe

Loads dropped DLL 2 IoCs

pid	Process
2080	Virus.Danger.ATA_virussign.com_b050247ddb99e9969eabeba8b76eb491.exe
2600	poufs.exe

AutoIT Executable 5 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0008000000014bb1-12.dat	autoit_exe
behavioral1/memory/2600-29-0x0000000000150000-0x0000000000294000-memory.dmp	autoit_exe
behavioral1/memory/2600-33-0x0000000000150000-0x0000000000294000-memory.dmp	autoit_exe
behavioral1/memory/2592-46-0x0000000000150000-0x0000000000294000-memory.dmp	autoit_exe
behavioral1/memory/2592-48-0x0000000000150000-0x0000000000294000-memory.dmp	autoit_exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	poufs.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2080	Virus.Danger.ATA_virussign.com_b050247ddb99e9969eabeba8b76eb491.exe
2080	Virus.Danger.ATA_virussign.com_b050247ddb99e9969eabeba8b76eb491.exe
2600	poufs.exe
2600	poufs.exe
2592	poufs.exe
2592	poufs.exe
2504	poufs.exe
2504	poufs.exe
2536	poufs.exe
2536	poufs.exe
3016	poufs.exe
3016	poufs.exe
996	poufs.exe
996	poufs.exe
2800	poufs.exe
2800	poufs.exe
2928	poufs.exe
2928	poufs.exe
2168	poufs.exe
2168	poufs.exe
1540	poufs.exe
1540	poufs.exe
2444	poufs.exe
2444	poufs.exe
1476	poufs.exe
1476	poufs.exe
928	poufs.exe
928	poufs.exe
2312	poufs.exe
2312	poufs.exe
2864	poufs.exe
2864	poufs.exe
3028	poufs.exe
3028	poufs.exe
2880	poufs.exe
2880	poufs.exe
2308	poufs.exe
2308	poufs.exe
2280	poufs.exe
2280	poufs.exe
2256	poufs.exe
2256	poufs.exe
2816	poufs.exe
2816	poufs.exe
2360	poufs.exe
2360	poufs.exe
1964	poufs.exe
1964	poufs.exe
1428	poufs.exe
1428	poufs.exe
2000	poufs.exe
2000	poufs.exe
2708	poufs.exe
2708	poufs.exe
2696	poufs.exe
2696	poufs.exe
2688	poufs.exe
2688	poufs.exe
2492	poufs.exe
2492	poufs.exe
2632	poufs.exe
2632	poufs.exe
2580	poufs.exe
2580	poufs.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2080	Virus.Danger.ATA_virussign.com_b050247ddb99e9969eabeba8b76eb491.exe
2080	Virus.Danger.ATA_virussign.com_b050247ddb99e9969eabeba8b76eb491.exe
2600	poufs.exe
2600	poufs.exe
2592	poufs.exe
2592	poufs.exe
2504	poufs.exe
2504	poufs.exe
2536	poufs.exe
2536	poufs.exe
3016	poufs.exe
3016	poufs.exe
996	poufs.exe
996	poufs.exe
2800	poufs.exe
2800	poufs.exe
2928	poufs.exe
2928	poufs.exe
2168	poufs.exe
2168	poufs.exe
1540	poufs.exe
1540	poufs.exe
2444	poufs.exe
2444	poufs.exe
1476	poufs.exe
1476	poufs.exe
928	poufs.exe
928	poufs.exe
2312	poufs.exe
2312	poufs.exe
2864	poufs.exe
2864	poufs.exe
3028	poufs.exe
3028	poufs.exe
2880	poufs.exe
2880	poufs.exe
2308	poufs.exe
2308	poufs.exe
2280	poufs.exe
2280	poufs.exe
2256	poufs.exe
2256	poufs.exe
2816	poufs.exe
2816	poufs.exe
2360	poufs.exe
2360	poufs.exe
1964	poufs.exe
1964	poufs.exe
1428	poufs.exe
1428	poufs.exe
2000	poufs.exe
2000	poufs.exe
2708	poufs.exe
2708	poufs.exe
2696	poufs.exe
2696	poufs.exe
2688	poufs.exe
2688	poufs.exe
2492	poufs.exe
2492	poufs.exe
2632	poufs.exe
2632	poufs.exe
2580	poufs.exe
2580	poufs.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2600	2080	Virus.Danger.ATA_virussign.com_b050247ddb99e9969eabeba8b76eb491.exe	28
PID 2080 wrote to memory of 2600	2080	Virus.Danger.ATA_virussign.com_b050247ddb99e9969eabeba8b76eb491.exe	28
PID 2080 wrote to memory of 2600	2080	Virus.Danger.ATA_virussign.com_b050247ddb99e9969eabeba8b76eb491.exe	28
PID 2080 wrote to memory of 2600	2080	Virus.Danger.ATA_virussign.com_b050247ddb99e9969eabeba8b76eb491.exe	28
PID 2600 wrote to memory of 2592	2600	poufs.exe	29
PID 2600 wrote to memory of 2592	2600	poufs.exe	29
PID 2600 wrote to memory of 2592	2600	poufs.exe	29
PID 2600 wrote to memory of 2592	2600	poufs.exe	29
PID 2592 wrote to memory of 2504	2592	poufs.exe	30
PID 2592 wrote to memory of 2504	2592	poufs.exe	30
PID 2592 wrote to memory of 2504	2592	poufs.exe	30
PID 2592 wrote to memory of 2504	2592	poufs.exe	30
PID 2504 wrote to memory of 2536	2504	poufs.exe	31
PID 2504 wrote to memory of 2536	2504	poufs.exe	31
PID 2504 wrote to memory of 2536	2504	poufs.exe	31
PID 2504 wrote to memory of 2536	2504	poufs.exe	31
PID 2536 wrote to memory of 3016	2536	poufs.exe	32
PID 2536 wrote to memory of 3016	2536	poufs.exe	32
PID 2536 wrote to memory of 3016	2536	poufs.exe	32
PID 2536 wrote to memory of 3016	2536	poufs.exe	32
PID 3016 wrote to memory of 996	3016	poufs.exe	33
PID 3016 wrote to memory of 996	3016	poufs.exe	33
PID 3016 wrote to memory of 996	3016	poufs.exe	33
PID 3016 wrote to memory of 996	3016	poufs.exe	33
PID 996 wrote to memory of 2800	996	poufs.exe	34
PID 996 wrote to memory of 2800	996	poufs.exe	34
PID 996 wrote to memory of 2800	996	poufs.exe	34
PID 996 wrote to memory of 2800	996	poufs.exe	34
PID 2800 wrote to memory of 2928	2800	poufs.exe	35
PID 2800 wrote to memory of 2928	2800	poufs.exe	35
PID 2800 wrote to memory of 2928	2800	poufs.exe	35
PID 2800 wrote to memory of 2928	2800	poufs.exe	35
PID 2928 wrote to memory of 2168	2928	poufs.exe	36
PID 2928 wrote to memory of 2168	2928	poufs.exe	36
PID 2928 wrote to memory of 2168	2928	poufs.exe	36
PID 2928 wrote to memory of 2168	2928	poufs.exe	36
PID 2168 wrote to memory of 1540	2168	poufs.exe	37
PID 2168 wrote to memory of 1540	2168	poufs.exe	37
PID 2168 wrote to memory of 1540	2168	poufs.exe	37
PID 2168 wrote to memory of 1540	2168	poufs.exe	37
PID 1540 wrote to memory of 2444	1540	poufs.exe	38
PID 1540 wrote to memory of 2444	1540	poufs.exe	38
PID 1540 wrote to memory of 2444	1540	poufs.exe	38
PID 1540 wrote to memory of 2444	1540	poufs.exe	38
PID 2444 wrote to memory of 1476	2444	poufs.exe	39
PID 2444 wrote to memory of 1476	2444	poufs.exe	39
PID 2444 wrote to memory of 1476	2444	poufs.exe	39
PID 2444 wrote to memory of 1476	2444	poufs.exe	39
PID 1476 wrote to memory of 928	1476	poufs.exe	40
PID 1476 wrote to memory of 928	1476	poufs.exe	40
PID 1476 wrote to memory of 928	1476	poufs.exe	40
PID 1476 wrote to memory of 928	1476	poufs.exe	40
PID 928 wrote to memory of 2312	928	poufs.exe	41
PID 928 wrote to memory of 2312	928	poufs.exe	41
PID 928 wrote to memory of 2312	928	poufs.exe	41
PID 928 wrote to memory of 2312	928	poufs.exe	41
PID 2312 wrote to memory of 2864	2312	poufs.exe	42
PID 2312 wrote to memory of 2864	2312	poufs.exe	42
PID 2312 wrote to memory of 2864	2312	poufs.exe	42
PID 2312 wrote to memory of 2864	2312	poufs.exe	42
PID 2864 wrote to memory of 3028	2864	poufs.exe	43
PID 2864 wrote to memory of 3028	2864	poufs.exe	43
PID 2864 wrote to memory of 3028	2864	poufs.exe	43
PID 2864 wrote to memory of 3028	2864	poufs.exe	43

C:\Users\Admin\AppData\Local\Temp\Virus.Danger.ATA_virussign.com_b050247ddb99e9969eabeba8b76eb491.exe
"C:\Users\Admin\AppData\Local\Temp\Virus.Danger.ATA_virussign.com_b050247ddb99e9969eabeba8b76eb491.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
  "C:\Users\Admin\AppData\Local\Temp\Virus.Danger.ATA_virussign.com_b050247ddb99e9969eabeba8b76eb491.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
    "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2592
  - - C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
      "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2504
    - - C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2536
      - C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:996
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:928
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        18⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        23⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        27⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        28⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        31⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        33⤵
        Executes dropped EXE
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        34⤵
        Executes dropped EXE
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        35⤵
        Executes dropped EXE
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        36⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        37⤵
        Executes dropped EXE
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        38⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        39⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        40⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        41⤵
        Executes dropped EXE
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        42⤵
        Executes dropped EXE
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        43⤵
        Executes dropped EXE
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        44⤵
        Executes dropped EXE
        
        PID:696
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        45⤵
        Executes dropped EXE
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        46⤵
        Executes dropped EXE
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        47⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        48⤵
        Executes dropped EXE
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        49⤵
        Executes dropped EXE
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        50⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        51⤵
        Executes dropped EXE
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        52⤵
        Executes dropped EXE
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        53⤵
        Executes dropped EXE
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        54⤵
        Executes dropped EXE
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        55⤵
        Executes dropped EXE
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        56⤵
        Executes dropped EXE
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        57⤵
        Executes dropped EXE
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        58⤵
        Executes dropped EXE
        
        PID:536
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        59⤵
        Executes dropped EXE
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        60⤵
        Executes dropped EXE
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        61⤵
        Executes dropped EXE
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        62⤵
        Executes dropped EXE
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        63⤵
        Executes dropped EXE
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        64⤵
        Executes dropped EXE
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        65⤵
        Executes dropped EXE
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        66⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        68⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        69⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        70⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        71⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        72⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        73⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        75⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        76⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        77⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:608
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        80⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        81⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        82⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        83⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        84⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        85⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        86⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        88⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        89⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        91⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        92⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        93⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        94⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        96⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        97⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        98⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        99⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        100⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        101⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        102⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        103⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        104⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        105⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        106⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        107⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        108⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        109⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        110⤵
        System Location Discovery: System Language Discovery
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        111⤵
        System Location Discovery: System Language Discovery
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        112⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        113⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        114⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        115⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:340
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        117⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        118⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        119⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        120⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        121⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        122⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        123⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        124⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        125⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        127⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        129⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        130⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        131⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        132⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        133⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        134⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        135⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        136⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        138⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        139⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        141⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        142⤵
        System Location Discovery: System Language Discovery
        
        PID:444
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        143⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        144⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        145⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        146⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        147⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        148⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        149⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        150⤵
        System Location Discovery: System Language Discovery
        
        PID:468
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        151⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        152⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        153⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        154⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        155⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        156⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        157⤵
        System Location Discovery: System Language Discovery
        
        PID:712
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        158⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        159⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        160⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        161⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        162⤵
        System Location Discovery: System Language Discovery
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        163⤵
        System Location Discovery: System Language Discovery
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        164⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        165⤵
        System Location Discovery: System Language Discovery
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        166⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        167⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        168⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        169⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        170⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        171⤵
        System Location Discovery: System Language Discovery
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        172⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        173⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        174⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        175⤵
        System Location Discovery: System Language Discovery
        
        PID:376
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        176⤵
        System Location Discovery: System Language Discovery
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        177⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        178⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        179⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        180⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        181⤵
        System Location Discovery: System Language Discovery
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        182⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        183⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        184⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        185⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        186⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        187⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        188⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        189⤵
        System Location Discovery: System Language Discovery
        
        PID:932
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        190⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        191⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        192⤵
        System Location Discovery: System Language Discovery
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        193⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        194⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        195⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        196⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        197⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        198⤵
        System Location Discovery: System Language Discovery
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        199⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        200⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        201⤵
        System Location Discovery: System Language Discovery
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        202⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        203⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        204⤵
        System Location Discovery: System Language Discovery
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        205⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        206⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        207⤵
        System Location Discovery: System Language Discovery
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        208⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        209⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        210⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        211⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        212⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        213⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        214⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        215⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        216⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        217⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        218⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        219⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        220⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        221⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        222⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        223⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        224⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        225⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        226⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        227⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        228⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        229⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        230⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        231⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        232⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        233⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        234⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        235⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        236⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        237⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        238⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        239⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        240⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        241⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        242⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        243⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        244⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        245⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        246⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        247⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        248⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        249⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        250⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        251⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        252⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        253⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        254⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        255⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        256⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        257⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe
        
        "C:\Users\Admin\AppData\Local\peristeromorphous\poufs.exe"
        258⤵
        
        PID:3484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aut5274.tmp

Filesize
414KB

MD5
1b103a728fc1d561614a50a5e9407ef9

SHA1
3506363685fb0aee12d7bdff45eed7b93fa8b9da

SHA256
88cc4157859b1be7dc052bbb9a17d9b4a21b5ea6c41d0a0e1dffb4dfd71b6c29

SHA512
514064c18f331c76778fda0968a5fb6c2ee17a708d56942a839cb01c0224c8e029bedb7eb78d961be24fb69b2f62a65d9d9a311c702228be8c6230741ab4ca02

Download Submit
C:\Users\Admin\AppData\Local\Temp\aut5294.tmp

Filesize
11KB

MD5
d15437ac18167aa8aad989d8bc3499bd

SHA1
eea15a60b8d2264621a9c99cc7c540ced5fc651e

SHA256
e294eaca3d584d07d51b9d9a77222131a30d6d70a575ecf7d48a0e288f90fa9d

SHA512
7631c63cd29c87cf699e6dc2a10e3d319d40987cff4d6d3f57381a5423f6edffa36b0e7ca53c9bece5317c31091874eb4e1d9e6c1a59a70ec412187b018b3777

Download Submit
C:\Users\Admin\AppData\Local\Temp\palladize

Filesize
483KB

MD5
bef3a8718be8c977fe7323916b62142c

SHA1
6dc252b1b79f3d3d5fa345d4a703ba2adad98f01

SHA256
f49fc766cc3a234b131f824228f7b44a8943b9eacb79e8546cc104b57ea41b42

SHA512
9d8c4b3e2d8629dfa69570676da6a2809e2c3219629a985131bbf83214ed647f70bc55be0d8541053207d41d37a8f888c4b76eab89df5f53d557bbb9c3758c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\spiketop

Filesize
58KB

MD5
8031ba8108d6d6b6418b6404b68cb53b

SHA1
c4dd578af0c4eed634395757aebc9ce5ffd4df21

SHA256
426212d21bda6cee0738aba3a07e9fa56af1c4d96140449bc769099f26f2fe8a

SHA512
500345b9324235ccb455cf3b4e306cd5f193f81dcf935e08e3d64d7d0a5978dda162be899b50cec8c3bd2f00746af14b3e29070707d33d4022d4a859ec597ca0

Download Submit
\Users\Admin\AppData\Local\peristeromorphous\poufs.exe

Filesize
1.2MB

MD5
b050247ddb99e9969eabeba8b76eb491

SHA1
f899f777ee2827f7dc997dba67681936835acb3d

SHA256
52f0c3471e31cea46fd5776acf896e557c3da55dc8966349b3939c51e3b6b82d

SHA512
a909645475030ddf5f07853a7d6315dce996738d662539757c3fbe4e19c4c153e120e8add7ae6ff1532e6e56160c7acd1b13d63eba5e65a1943d5954211d438e

Download Submit
memory/2080-10-0x00000000001E0000-0x00000000001E4000-memory.dmp

Filesize
16KB

Download
memory/2592-46-0x0000000000150000-0x0000000000294000-memory.dmp

Filesize
1.3MB

Download
memory/2592-48-0x0000000000150000-0x0000000000294000-memory.dmp

Filesize
1.3MB

Download
memory/2600-29-0x0000000000150000-0x0000000000294000-memory.dmp

Filesize
1.3MB

Download
memory/2600-33-0x0000000000150000-0x0000000000294000-memory.dmp

Filesize
1.3MB

Download