6dd19a0a7bd0dbd4e225ceb88db05df0fa3b408074ca55dda8cbe78d8575a062

Analysis

max time kernel
143s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/10/2022, 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6dd19a0a7bd0dbd4e225ceb88db05df0fa3b408074ca55dda8cbe78d8575a062.exe
Size

7KB
MD5

61583aa3d30ee95e15acee5ddf778ba7
SHA1

18988b167117d3410384a0b2b541cc2494794dd1
SHA256

6dd19a0a7bd0dbd4e225ceb88db05df0fa3b408074ca55dda8cbe78d8575a062
SHA512

9ef3e5c601911b20a44785ea0a4b5725e01c081d60d49142c1d2bee6c95104843eeed8c558af43d86463960cd07afa541a58351b263fc1f4d68b13edfd7dfff6
SSDEEP

96:G632tdsBx3wIWTR1eG6PuXa1JIwj7deiDOK:GPdsXTWTPeGhmJIwtei

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1852	PurpleMood.scr
1204	PurpleMood.scr
1528	PurpleMood.scr
984	PurpleMood.scr
784	PurpleMood.scr
1484	PurpleMood.scr
952	PurpleMood.scr
1984	PurpleMood.scr
1640	PurpleMood.scr
1644	PurpleMood.scr
1788	PurpleMood.scr
1296	PurpleMood.scr
916	PurpleMood.scr
1084	PurpleMood.scr
1016	PurpleMood.scr
1124	PurpleMood.scr
1128	PurpleMood.scr
1368	PurpleMood.scr
1756	PurpleMood.scr
624	PurpleMood.scr
1548	PurpleMood.scr
1748	PurpleMood.scr
432	PurpleMood.scr
580	PurpleMood.scr
996	PurpleMood.scr
772	PurpleMood.scr
1692	PurpleMood.scr
1716	PurpleMood.scr
820	PurpleMood.scr
1420	PurpleMood.scr
912	PurpleMood.scr
1700	PurpleMood.scr
1340	PurpleMood.scr
616	PurpleMood.scr
1328	PurpleMood.scr
1476	PurpleMood.scr
940	PurpleMood.scr
1736	PurpleMood.scr
1804	PurpleMood.scr
1688	PurpleMood.scr
1352	PurpleMood.scr
1792	PurpleMood.scr
568	PurpleMood.scr
1032	PurpleMood.scr
1136	PurpleMood.scr
1768	PurpleMood.scr
1256	PurpleMood.scr
1752	PurpleMood.scr
1568	PurpleMood.scr
1408	PurpleMood.scr
1704	PurpleMood.scr
888	PurpleMood.scr
892	PurpleMood.scr
552	PurpleMood.scr
960	PurpleMood.scr
1664	PurpleMood.scr
1620	PurpleMood.scr
1760	PurpleMood.scr
1624	PurpleMood.scr
1808	PurpleMood.scr
1460	PurpleMood.scr
1076	PurpleMood.scr
824	PurpleMood.scr
1380	PurpleMood.scr

Loads dropped DLL 64 IoCs

pid	Process
1424	6dd19a0a7bd0dbd4e225ceb88db05df0fa3b408074ca55dda8cbe78d8575a062.exe
1424	6dd19a0a7bd0dbd4e225ceb88db05df0fa3b408074ca55dda8cbe78d8575a062.exe
1852	PurpleMood.scr
1852	PurpleMood.scr
1204	PurpleMood.scr
1204	PurpleMood.scr
1528	PurpleMood.scr
1528	PurpleMood.scr
984	PurpleMood.scr
984	PurpleMood.scr
784	PurpleMood.scr
784	PurpleMood.scr
1484	PurpleMood.scr
1484	PurpleMood.scr
952	PurpleMood.scr
952	PurpleMood.scr
1984	PurpleMood.scr
1984	PurpleMood.scr
1640	PurpleMood.scr
1640	PurpleMood.scr
1644	PurpleMood.scr
1644	PurpleMood.scr
1788	PurpleMood.scr
1788	PurpleMood.scr
1296	PurpleMood.scr
1296	PurpleMood.scr
916	PurpleMood.scr
916	PurpleMood.scr
1084	PurpleMood.scr
1084	PurpleMood.scr
1016	PurpleMood.scr
1016	PurpleMood.scr
1124	PurpleMood.scr
1124	PurpleMood.scr
1128	PurpleMood.scr
1128	PurpleMood.scr
1368	PurpleMood.scr
1368	PurpleMood.scr
1756	PurpleMood.scr
1756	PurpleMood.scr
624	PurpleMood.scr
624	PurpleMood.scr
1548	PurpleMood.scr
1548	PurpleMood.scr
1748	PurpleMood.scr
1748	PurpleMood.scr
432	PurpleMood.scr
432	PurpleMood.scr
580	PurpleMood.scr
580	PurpleMood.scr
996	PurpleMood.scr
996	PurpleMood.scr
772	PurpleMood.scr
772	PurpleMood.scr
1692	PurpleMood.scr
1692	PurpleMood.scr
1716	PurpleMood.scr
1716	PurpleMood.scr
820	PurpleMood.scr
820	PurpleMood.scr
1420	PurpleMood.scr
1420	PurpleMood.scr
912	PurpleMood.scr
912	PurpleMood.scr

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	Process not Found
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Process not Found
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	Process not Found
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	Process not Found
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Process not Found
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	Process not Found
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	PurpleMood.scr
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PurpleMood = "C:\\Windows\\system32\\PurpleMood.scr"	PurpleMood.scr

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	Process not Found
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr
File created	C:\Windows\SysWOW64\PurpleMood.scr	PurpleMood.scr

Program crash 64 IoCs

pid	pid_target	Process	procid_target
12120	1852	Process not Found	26
12144	1424	Process not Found	25
12168	1528	Process not Found	28
12184	984	Process not Found	29
12160	1204	Process not Found	27
12216	952	Process not Found	32
12240	784	Process not Found	30
12260	1484	Process not Found	31
12300	1640	Process not Found	34
12292	1984	Process not Found	33
12332	1644	Process not Found	35
12348	916	Process not Found	38
12380	1788	Process not Found	36
12424	1084	Process not Found	39
12504	1016	Process not Found	40
12408	1296	Process not Found	37
12532	624	Process not Found	45
12564	1548	Process not Found	46
12580	432	Process not Found	48
12608	1756	Process not Found	44
12600	1128	Process not Found	42
12556	1124	Process not Found	41
12548	1368	Process not Found	43
12644	1748	Process not Found	47
12700	820	Process not Found	54
12716	772	Process not Found	51
12708	996	Process not Found	50
12724	1716	Process not Found	53
12692	1692	Process not Found	52
12676	580	Process not Found	49
12788	1340	Process not Found	58
12816	912	Process not Found	56
12764	1420	Process not Found	55
12832	1700	Process not Found	57
12860	940	Process not Found	62
12948	1328	Process not Found	60
12892	1476	Process not Found	61
12852	616	Process not Found	59
13008	1804	Process not Found	63
13020	1736	Process not Found	64
13028	1688	Process not Found	65
13096	1792	Process not Found	67
13108	1352	Process not Found	66
13116	568	Process not Found	68
13164	1032	Process not Found	69
13172	1256	Process not Found	72
13188	1136	Process not Found	70
13208	1768	Process not Found	71
13224	1752	Process not Found	73
13268	1568	Process not Found	74
13304	1408	Process not Found	77
12276	1704	Process not Found	75
12376	888	Process not Found	76
12736	960	Process not Found	80
12760	552	Process not Found	79
13132	1664	Process not Found	81
13372	1620	Process not Found	82
13248	1808	Process not Found	85
13380	1076	Process not Found	87
13396	276	Process not Found	90
13452	1360	Process not Found	94
13468	1380	Process not Found	89
13508	1044	Process not Found	98
13528	812	Process not Found	97

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 1852	1424	6dd19a0a7bd0dbd4e225ceb88db05df0fa3b408074ca55dda8cbe78d8575a062.exe	26
PID 1424 wrote to memory of 1852	1424	6dd19a0a7bd0dbd4e225ceb88db05df0fa3b408074ca55dda8cbe78d8575a062.exe	26
PID 1424 wrote to memory of 1852	1424	6dd19a0a7bd0dbd4e225ceb88db05df0fa3b408074ca55dda8cbe78d8575a062.exe	26
PID 1424 wrote to memory of 1852	1424	6dd19a0a7bd0dbd4e225ceb88db05df0fa3b408074ca55dda8cbe78d8575a062.exe	26
PID 1852 wrote to memory of 1204	1852	PurpleMood.scr	27
PID 1852 wrote to memory of 1204	1852	PurpleMood.scr	27
PID 1852 wrote to memory of 1204	1852	PurpleMood.scr	27
PID 1852 wrote to memory of 1204	1852	PurpleMood.scr	27
PID 1204 wrote to memory of 1528	1204	PurpleMood.scr	28
PID 1204 wrote to memory of 1528	1204	PurpleMood.scr	28
PID 1204 wrote to memory of 1528	1204	PurpleMood.scr	28
PID 1204 wrote to memory of 1528	1204	PurpleMood.scr	28
PID 1528 wrote to memory of 984	1528	PurpleMood.scr	29
PID 1528 wrote to memory of 984	1528	PurpleMood.scr	29
PID 1528 wrote to memory of 984	1528	PurpleMood.scr	29
PID 1528 wrote to memory of 984	1528	PurpleMood.scr	29
PID 984 wrote to memory of 784	984	PurpleMood.scr	30
PID 984 wrote to memory of 784	984	PurpleMood.scr	30
PID 984 wrote to memory of 784	984	PurpleMood.scr	30
PID 984 wrote to memory of 784	984	PurpleMood.scr	30
PID 784 wrote to memory of 1484	784	PurpleMood.scr	31
PID 784 wrote to memory of 1484	784	PurpleMood.scr	31
PID 784 wrote to memory of 1484	784	PurpleMood.scr	31
PID 784 wrote to memory of 1484	784	PurpleMood.scr	31
PID 1484 wrote to memory of 952	1484	PurpleMood.scr	32
PID 1484 wrote to memory of 952	1484	PurpleMood.scr	32
PID 1484 wrote to memory of 952	1484	PurpleMood.scr	32
PID 1484 wrote to memory of 952	1484	PurpleMood.scr	32
PID 952 wrote to memory of 1984	952	PurpleMood.scr	33
PID 952 wrote to memory of 1984	952	PurpleMood.scr	33
PID 952 wrote to memory of 1984	952	PurpleMood.scr	33
PID 952 wrote to memory of 1984	952	PurpleMood.scr	33
PID 1984 wrote to memory of 1640	1984	PurpleMood.scr	34
PID 1984 wrote to memory of 1640	1984	PurpleMood.scr	34
PID 1984 wrote to memory of 1640	1984	PurpleMood.scr	34
PID 1984 wrote to memory of 1640	1984	PurpleMood.scr	34
PID 1640 wrote to memory of 1644	1640	PurpleMood.scr	35
PID 1640 wrote to memory of 1644	1640	PurpleMood.scr	35
PID 1640 wrote to memory of 1644	1640	PurpleMood.scr	35
PID 1640 wrote to memory of 1644	1640	PurpleMood.scr	35
PID 1644 wrote to memory of 1788	1644	PurpleMood.scr	36
PID 1644 wrote to memory of 1788	1644	PurpleMood.scr	36
PID 1644 wrote to memory of 1788	1644	PurpleMood.scr	36
PID 1644 wrote to memory of 1788	1644	PurpleMood.scr	36
PID 1788 wrote to memory of 1296	1788	PurpleMood.scr	37
PID 1788 wrote to memory of 1296	1788	PurpleMood.scr	37
PID 1788 wrote to memory of 1296	1788	PurpleMood.scr	37
PID 1788 wrote to memory of 1296	1788	PurpleMood.scr	37
PID 1296 wrote to memory of 916	1296	PurpleMood.scr	38
PID 1296 wrote to memory of 916	1296	PurpleMood.scr	38
PID 1296 wrote to memory of 916	1296	PurpleMood.scr	38
PID 1296 wrote to memory of 916	1296	PurpleMood.scr	38
PID 916 wrote to memory of 1084	916	PurpleMood.scr	39
PID 916 wrote to memory of 1084	916	PurpleMood.scr	39
PID 916 wrote to memory of 1084	916	PurpleMood.scr	39
PID 916 wrote to memory of 1084	916	PurpleMood.scr	39
PID 1084 wrote to memory of 1016	1084	PurpleMood.scr	40
PID 1084 wrote to memory of 1016	1084	PurpleMood.scr	40
PID 1084 wrote to memory of 1016	1084	PurpleMood.scr	40
PID 1084 wrote to memory of 1016	1084	PurpleMood.scr	40
PID 1016 wrote to memory of 1124	1016	PurpleMood.scr	41
PID 1016 wrote to memory of 1124	1016	PurpleMood.scr	41
PID 1016 wrote to memory of 1124	1016	PurpleMood.scr	41
PID 1016 wrote to memory of 1124	1016	PurpleMood.scr	41

C:\Users\Admin\AppData\Local\Temp\6dd19a0a7bd0dbd4e225ceb88db05df0fa3b408074ca55dda8cbe78d8575a062.exe
"C:\Users\Admin\AppData\Local\Temp\6dd19a0a7bd0dbd4e225ceb88db05df0fa3b408074ca55dda8cbe78d8575a062.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Windows\SysWOW64\PurpleMood.scr
  C:\Windows\system32\PurpleMood.scr
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1852
- - C:\Windows\SysWOW64\PurpleMood.scr
    C:\Windows\system32\PurpleMood.scr
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1204
  - - C:\Windows\SysWOW64\PurpleMood.scr
      C:\Windows\system32\PurpleMood.scr
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1528
    - - C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:984
      - C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:784
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1484
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:952
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1984
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1640
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1644
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1788
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1296
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:916
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1084
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1016
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1124
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1128
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1368
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1756
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:624
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1548
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1748
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:432
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:580
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:996
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:772
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1692
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1716
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:820
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1420
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:912
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        33⤵
        Executes dropped EXE
        
        PID:1700
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        34⤵
        Executes dropped EXE
        
        PID:1340
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        35⤵
        Executes dropped EXE
        
        PID:616
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        36⤵
        Executes dropped EXE
        
        PID:1328
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        37⤵
        Executes dropped EXE
        
        PID:1476
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        38⤵
        Executes dropped EXE
        
        PID:940
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        39⤵
        Executes dropped EXE
        
        PID:1736

C:\Windows\SysWOW64\PurpleMood.scr
C:\Windows\system32\PurpleMood.scr
1⤵
- Executes dropped EXE
PID:1804
- C:\Windows\SysWOW64\PurpleMood.scr
  C:\Windows\system32\PurpleMood.scr
  2⤵
  - Executes dropped EXE
  PID:1688
- - C:\Windows\SysWOW64\PurpleMood.scr
    C:\Windows\system32\PurpleMood.scr
    3⤵
    - Executes dropped EXE
    PID:1352
  - - C:\Windows\SysWOW64\PurpleMood.scr
      C:\Windows\system32\PurpleMood.scr
      4⤵
      Executes dropped EXE
      PID:1792
    - - C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        5⤵
        Executes dropped EXE
        
        PID:568
      - C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        6⤵
        Executes dropped EXE
        
        PID:1032
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        7⤵
        Executes dropped EXE
        
        PID:1136
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        8⤵
        Executes dropped EXE
        
        PID:1768
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        9⤵
        Executes dropped EXE
        
        PID:1256
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        10⤵
        Executes dropped EXE
        
        PID:1752
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        11⤵
        Executes dropped EXE
        
        PID:1568
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1408

C:\Windows\SysWOW64\PurpleMood.scr
C:\Windows\system32\PurpleMood.scr
1⤵
- Executes dropped EXE
PID:1704
- C:\Windows\SysWOW64\PurpleMood.scr
  C:\Windows\system32\PurpleMood.scr
  2⤵
  - Executes dropped EXE
  PID:888
- - C:\Windows\SysWOW64\PurpleMood.scr
    C:\Windows\system32\PurpleMood.scr
    3⤵
    - Executes dropped EXE
    PID:892
  - - C:\Windows\SysWOW64\PurpleMood.scr
      C:\Windows\system32\PurpleMood.scr
      4⤵
      Executes dropped EXE
      PID:552
    - - C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        5⤵
        Executes dropped EXE
        
        PID:960
      - C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        6⤵
        Executes dropped EXE
        
        PID:1664
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        7⤵
        Executes dropped EXE
        
        PID:1620
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        8⤵
        Executes dropped EXE
        
        PID:1760
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        9⤵
        Executes dropped EXE
        
        PID:1624
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        10⤵
        Executes dropped EXE
        
        PID:1808
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        11⤵
        Executes dropped EXE
        
        PID:1460
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        12⤵
        Executes dropped EXE
        
        PID:1076
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        13⤵
        Executes dropped EXE
        
        PID:824
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        14⤵
        Executes dropped EXE
        
        PID:1380
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        15⤵
        
        PID:276
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        16⤵
        Drops file in System32 directory
        
        PID:1192
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        17⤵
        Drops file in System32 directory
        
        PID:924
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        18⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        19⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        20⤵
        
        PID:336
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        21⤵
        Drops file in System32 directory
        
        PID:1060
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        22⤵
        
        PID:812
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        23⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        24⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        25⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        26⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        27⤵
        Drops file in System32 directory
        
        PID:1772
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        28⤵
        
        PID:968
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        29⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        30⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        31⤵
        Drops file in System32 directory
        
        PID:1832
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        32⤵
        
        PID:1184
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        33⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        34⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        35⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        36⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        37⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        38⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        39⤵
        Drops file in System32 directory
        
        PID:2096
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        40⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        41⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        42⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        43⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        44⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        45⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        46⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        47⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        48⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        49⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        50⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        51⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        52⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        53⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        54⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        55⤵
        Adds Run key to start application
        
        PID:2224
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        56⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        57⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        58⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        59⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        60⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        61⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        62⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        63⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        64⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        65⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        66⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        67⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        68⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        69⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        70⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        71⤵
        Drops file in System32 directory
        
        PID:2352
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        72⤵
        Adds Run key to start application
        
        PID:2360
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        73⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        74⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        75⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        76⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        77⤵
        Drops file in System32 directory
        
        PID:2400
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        78⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        79⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        80⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        81⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        82⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        83⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        84⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        85⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        86⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        87⤵
        Adds Run key to start application
        
        PID:2480
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        88⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        89⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        90⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        91⤵
        
        PID:2528

C:\Windows\SysWOW64\PurpleMood.scr
C:\Windows\system32\PurpleMood.scr
1⤵
PID:2544
- C:\Windows\SysWOW64\PurpleMood.scr
  C:\Windows\system32\PurpleMood.scr
  2⤵
  - Adds Run key to start application
  PID:2560
- - C:\Windows\SysWOW64\PurpleMood.scr
    C:\Windows\system32\PurpleMood.scr
    3⤵
    PID:2572
  - - C:\Windows\SysWOW64\PurpleMood.scr
      C:\Windows\system32\PurpleMood.scr
      4⤵
      PID:2584
    - - C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        5⤵
        
        PID:2596
      - C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        6⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        7⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        8⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        9⤵
        
        PID:2660

C:\Windows\SysWOW64\PurpleMood.scr
C:\Windows\system32\PurpleMood.scr
1⤵
- Drops file in System32 directory
PID:2676
- C:\Windows\SysWOW64\PurpleMood.scr
  C:\Windows\system32\PurpleMood.scr
  2⤵
  PID:2688
- - C:\Windows\SysWOW64\PurpleMood.scr
    C:\Windows\system32\PurpleMood.scr
    3⤵
    PID:2704
  - - C:\Windows\SysWOW64\PurpleMood.scr
      C:\Windows\system32\PurpleMood.scr
      4⤵
      PID:2720
    - - C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        5⤵
        
        PID:2732
      - C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        6⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        7⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        8⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        9⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        10⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        11⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        12⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        13⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        14⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        15⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        16⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        17⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        18⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        19⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        20⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        21⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        22⤵
        Drops file in System32 directory
        
        PID:2988
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        23⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        24⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        25⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        26⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        27⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        28⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        29⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        30⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        31⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        32⤵
        Drops file in System32 directory
        
        PID:2648
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        33⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        34⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        35⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        36⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        37⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        38⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        39⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        40⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        41⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        42⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        43⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        44⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        45⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        46⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        47⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        48⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        49⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        50⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        51⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        52⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        53⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        54⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        55⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        56⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        57⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        58⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        59⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        60⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        61⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        62⤵
        Adds Run key to start application
        
        PID:3080
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        63⤵
        Adds Run key to start application
        
        PID:3088
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        64⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        65⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        66⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        67⤵
        Adds Run key to start application
        
        PID:3120
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        68⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        69⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        70⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        71⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        72⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        73⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        74⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        75⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        76⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        77⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        78⤵
        Drops file in System32 directory
        
        PID:3208
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        79⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        80⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        81⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        82⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        83⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        84⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        85⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        86⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        87⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:3280
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        88⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        89⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        90⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        91⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        92⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        93⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        94⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        95⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        96⤵
        Adds Run key to start application
        
        PID:3352
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        97⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        98⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        99⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        100⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        101⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        102⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        103⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        104⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        105⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        106⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        107⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        108⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        109⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        110⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        111⤵
        Adds Run key to start application
        
        PID:3472
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        112⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        113⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        114⤵
        Drops file in System32 directory
        
        PID:3496
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        115⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        116⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        117⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        118⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        119⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        120⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        121⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        122⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        123⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        124⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        125⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        126⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        127⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        128⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        129⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        130⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        131⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        132⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        133⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        134⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        135⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        136⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        137⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        138⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        139⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        140⤵
        Drops file in System32 directory
        
        PID:3764
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        141⤵
        Drops file in System32 directory
        
        PID:3776
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        142⤵
        Adds Run key to start application
        
        PID:3788
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        143⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        144⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        145⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        146⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        147⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        148⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        149⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        150⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        151⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        152⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        153⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        154⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4020
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        155⤵
        Adds Run key to start application
        
        PID:4028
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        156⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        157⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        158⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        159⤵
        Drops file in System32 directory
        
        PID:4060
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        160⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        161⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        162⤵
        Adds Run key to start application
        
        PID:4084
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        163⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        164⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        165⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        166⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        167⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        168⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        169⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        170⤵
        Drops file in System32 directory
        
        PID:3756
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        171⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        172⤵
        
        PID:3796
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        173⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        174⤵
        Drops file in System32 directory
        
        PID:3828
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        175⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        176⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        177⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        178⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        179⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        180⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        181⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        182⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        183⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        184⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        185⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        186⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        187⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        188⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        189⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        190⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        191⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        192⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        193⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        194⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        195⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        196⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        197⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        198⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        199⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        200⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        201⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        202⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        203⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        204⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        205⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        206⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        207⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        208⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        209⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        210⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        211⤵
        Adds Run key to start application
        
        PID:4276
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        212⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        213⤵
        Drops file in System32 directory
        
        PID:4292
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        214⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        215⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        216⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        217⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        218⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        219⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        220⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        221⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        222⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        223⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        224⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        225⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        226⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        227⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        228⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        229⤵
        Adds Run key to start application
        
        PID:4420
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        230⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        231⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        232⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        233⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        234⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        235⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        236⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        237⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        238⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        239⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        240⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        241⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        242⤵
        Adds Run key to start application
        
        PID:4524
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        243⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        244⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        245⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        246⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        247⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        248⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        249⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        250⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        251⤵
        Drops file in System32 directory
        
        PID:4596
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        252⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        253⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        254⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        255⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        256⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        257⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        258⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        259⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        260⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        261⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        262⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        263⤵
        Adds Run key to start application
        
        PID:4696
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        264⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        265⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        266⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        267⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        268⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        269⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        270⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        271⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        272⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        273⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        274⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        275⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        276⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        277⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        278⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        279⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        280⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        281⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        282⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        283⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        284⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        285⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        286⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        287⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        288⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        289⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        290⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        291⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        292⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        293⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        294⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        295⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        296⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        297⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        298⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        299⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        300⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        301⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        302⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        303⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        304⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        305⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        306⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        307⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        308⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        309⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        310⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        311⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        312⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        313⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        314⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        315⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        316⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        317⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        318⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        319⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        320⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        321⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        322⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        323⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        324⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        325⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        326⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        327⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        328⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        329⤵
        Drops file in System32 directory
        
        PID:5224
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        330⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        331⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        332⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        333⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        334⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        335⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        336⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        337⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        338⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        339⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        340⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        341⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        342⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        343⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        344⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        345⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        346⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        347⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        348⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        349⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        350⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        351⤵
        Adds Run key to start application
        
        PID:5400
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        352⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        353⤵
        Adds Run key to start application
        
        PID:5416
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        354⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        355⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        356⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        357⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        358⤵
        Drops file in System32 directory
        
        PID:5456
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        359⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        360⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        361⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        362⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        363⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        364⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        365⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        366⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        367⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        368⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        369⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        370⤵
        Drops file in System32 directory
        
        PID:5552
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        371⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        372⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        373⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        374⤵
        Adds Run key to start application
        
        PID:5584
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        375⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        376⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        377⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        378⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        379⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        380⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        381⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        382⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        383⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        384⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        385⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        386⤵
        Adds Run key to start application
        
        PID:5680
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        387⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        388⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        389⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        390⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        391⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        392⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        393⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        394⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        395⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        396⤵
        Adds Run key to start application
        
        PID:5760
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        397⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        398⤵
        Drops file in System32 directory
        
        PID:5776
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        399⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        400⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        401⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        402⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        403⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        404⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        405⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        406⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        407⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        408⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        409⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        410⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        411⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        412⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        413⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        414⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        415⤵
        Drops file in System32 directory
        
        PID:5912
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        416⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        417⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        418⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        419⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        420⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        421⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        422⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        423⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        424⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        425⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        426⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        427⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        428⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        429⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        430⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        431⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        432⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        433⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        434⤵
        Adds Run key to start application
        
        PID:6068
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        435⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        436⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        437⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        438⤵
        Drops file in System32 directory
        
        PID:6100
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        439⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        440⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        441⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        442⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        443⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        444⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        445⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        446⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        447⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        448⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        449⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        450⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        451⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        452⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        453⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        454⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        455⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        456⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        457⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        458⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        459⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        460⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        461⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        462⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        463⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        464⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:6312
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        465⤵
        Adds Run key to start application
        
        PID:6320
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        466⤵
        Drops file in System32 directory
        
        PID:6328
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        467⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        468⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        469⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        470⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        471⤵
        Adds Run key to start application
        
        PID:6368
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        472⤵
        Drops file in System32 directory
        
        PID:6376
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        473⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        474⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        475⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        476⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        477⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        478⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        479⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        480⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        481⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        482⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        483⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        484⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        485⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        486⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        487⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        488⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        489⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        490⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        491⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        492⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        493⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        494⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        495⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        496⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        497⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        498⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        499⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        500⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        501⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        502⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        503⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        504⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        505⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        506⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        507⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        508⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        509⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        510⤵
        Drops file in System32 directory
        
        PID:6680
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        511⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        512⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        513⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        514⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        515⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        516⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        517⤵
        Drops file in System32 directory
        
        PID:6736
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        518⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        519⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        520⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        521⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        522⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        523⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        524⤵
        Adds Run key to start application
        
        PID:6792
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        525⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        526⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        527⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        528⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        529⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        530⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        531⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        532⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        533⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        534⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        535⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        536⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        537⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        538⤵
        Adds Run key to start application
        
        PID:6904
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        539⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        540⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        541⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        542⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        543⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        544⤵
        Adds Run key to start application
        
        PID:6952
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        545⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        546⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        547⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        548⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        549⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        550⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        551⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        552⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        553⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        554⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        555⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        556⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        557⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        558⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        559⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        560⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        561⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        562⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        563⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        564⤵
        Adds Run key to start application
        
        PID:7112
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        565⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        566⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        567⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        568⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        569⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        570⤵
        Drops file in System32 directory
        
        PID:7160
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        571⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        572⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        573⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        574⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        575⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        576⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        577⤵
        Adds Run key to start application
        
        PID:7220
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        578⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        579⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        580⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        581⤵
        Adds Run key to start application
        
        PID:7252
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        582⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        583⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        584⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        585⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        586⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        587⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        588⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        589⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        590⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        591⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        592⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        593⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        594⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        595⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        596⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        597⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        598⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        599⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        600⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        601⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        602⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        603⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        604⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        605⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        606⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        607⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        608⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        609⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        610⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        611⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        612⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        613⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        614⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        615⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        616⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        617⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        618⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        619⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        620⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        621⤵
        Adds Run key to start application
        
        PID:7572
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        622⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        623⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        624⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        625⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        626⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        627⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        628⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        629⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        630⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        631⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        632⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        633⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        634⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        635⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        636⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        637⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        638⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        639⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        640⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        641⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        642⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        643⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        644⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        645⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        646⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        647⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        648⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        649⤵
        Drops file in System32 directory
        
        PID:7796
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        650⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        651⤵
        Drops file in System32 directory
        
        PID:7812
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        652⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        653⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        654⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        655⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        656⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        657⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        658⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        659⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        660⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        661⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        662⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        663⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        664⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        665⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        666⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        667⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        668⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        669⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        670⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        671⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        672⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        673⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        674⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        675⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        676⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        677⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        678⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        679⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        680⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        681⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        682⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        683⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        684⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        685⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        686⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        687⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        688⤵
        Adds Run key to start application
        
        PID:8108
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        689⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        690⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        691⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        692⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        693⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        694⤵
        Adds Run key to start application
        
        PID:8156
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        695⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        696⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        697⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        698⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        699⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        700⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        701⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        702⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        703⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        704⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        705⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        706⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        707⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        708⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        709⤵
        Adds Run key to start application
        
        PID:8280
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        710⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        711⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        712⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        713⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        714⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        715⤵
        Adds Run key to start application
        
        PID:8328
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        716⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        717⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        718⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        719⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        720⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        721⤵
        Adds Run key to start application
        
        PID:8376
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        722⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        723⤵
        Drops file in System32 directory
        
        PID:8392
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        724⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        725⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        726⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        727⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        728⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        729⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        730⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        731⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        732⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        733⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        734⤵
        
        PID:8480

C:\Windows\SysWOW64\PurpleMood.scr
C:\Windows\system32\PurpleMood.scr
1⤵
PID:8488
- C:\Windows\SysWOW64\PurpleMood.scr
  C:\Windows\system32\PurpleMood.scr
  2⤵
  PID:8496
- - C:\Windows\SysWOW64\PurpleMood.scr
    C:\Windows\system32\PurpleMood.scr
    3⤵
    PID:8504
  - - C:\Windows\SysWOW64\PurpleMood.scr
      C:\Windows\system32\PurpleMood.scr
      4⤵
      PID:8512
    - - C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        5⤵
        
        PID:8520
      - C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        6⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        7⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        8⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        9⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        10⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        11⤵
        Adds Run key to start application
        
        PID:8568
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        12⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        13⤵
        Drops file in System32 directory
        
        PID:8584
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        14⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        15⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        16⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        17⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        18⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        19⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        20⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        21⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        22⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        23⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        24⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        25⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        26⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        27⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        28⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        29⤵
        Drops file in System32 directory
        
        PID:8712
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        30⤵
        Adds Run key to start application
        
        PID:8720
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        31⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        32⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        33⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        34⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        35⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        36⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        37⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        38⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        39⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        40⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        41⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        42⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        43⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        44⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        45⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        46⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        47⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        48⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        49⤵
        Drops file in System32 directory
        
        PID:8872
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        50⤵
        Drops file in System32 directory
        
        PID:8880
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        51⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        52⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        53⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        54⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        55⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        56⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        57⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        58⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        59⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        60⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        61⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        62⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        63⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        64⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        65⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        66⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        67⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        68⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        69⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        70⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        71⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        72⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        73⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        74⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        75⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        76⤵
        Adds Run key to start application
        
        PID:9088
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        77⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        78⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        79⤵
        Adds Run key to start application
        
        PID:9112
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        80⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        81⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        82⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        83⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        84⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        85⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        86⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        87⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        88⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        89⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        90⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        91⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        92⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        93⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        94⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        95⤵
        
        PID:9240
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        96⤵
        Adds Run key to start application
        
        PID:9248
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        97⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        98⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        99⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        100⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        101⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        102⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        103⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        104⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        105⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        106⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        107⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        108⤵
        Adds Run key to start application
        
        PID:9344
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        109⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        110⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        111⤵
        Adds Run key to start application
        
        PID:9368
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        112⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        113⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        114⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        115⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        116⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        117⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        118⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        119⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        120⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        121⤵
        Drops file in System32 directory
        
        PID:9448
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        122⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        123⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        124⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        125⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        126⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        127⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        128⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        129⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        130⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        131⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        132⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        133⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        134⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        135⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        136⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        137⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        138⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\PurpleMood.scr
        
        C:\Windows\system32\PurpleMood.scr
        139⤵
        
        PID:9592

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
C:\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
\Windows\SysWOW64\PurpleMood.scr

Filesize
7KB

MD5
e006b16e9caedade2c230acaa6b10a1c

SHA1
1e16e76b89e15f64ab37dfaa02bdc93c54d1a2b2

SHA256
122971fa8c02e7577f0632b835cf84dc3b67a88b2b9cdb92472c7e935b3f4302

SHA512
6323d6bba94f6d6ac8e6e144e7bdfff2638bc94b78d8feeaa8e75e62aae38008ef7d6350894a1144ac0b39e5921426035130cb87c18e6bc025d0f3eb0854c5b8

Download Submit
memory/432-188-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/552-239-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/568-228-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/580-189-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/616-206-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/624-184-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/772-194-0x0000000000220000-0x0000000000223000-memory.dmp

Filesize
12KB

Download
memory/772-193-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/784-162-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/820-198-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/888-237-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/892-238-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/912-202-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/916-174-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/940-221-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/952-165-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/960-240-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/984-160-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/996-191-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1016-177-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1032-229-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1084-175-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1124-178-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1128-179-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1136-230-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1204-157-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1256-232-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1296-172-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1328-207-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1340-205-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1352-226-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1368-181-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1408-235-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1420-200-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1424-154-0x0000000000220000-0x0000000000223000-memory.dmp

Filesize
12KB

Download
memory/1424-153-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1476-209-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1484-163-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1528-159-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1548-185-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1568-234-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1620-242-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1624-244-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1640-168-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1644-169-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1664-241-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1688-225-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1692-195-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1700-203-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1704-236-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1716-197-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1736-222-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1748-187-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1752-233-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1756-182-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1760-243-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1768-231-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1788-171-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1792-227-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1804-223-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1804-224-0x0000000000220000-0x0000000000223000-memory.dmp

Filesize
12KB

Download
memory/1808-245-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1852-156-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1984-166-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download