f8cdc2240f930d68fb53f4dbac1b6ce9a3ed99ae47beeeab38675254c41e0cb7

Analysis

max time kernel
24s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
04/07/2023, 14:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
Size

1.6MB
MD5

a7d3e428e1c28e7d34de27a6c1f9746d
SHA1

df524899a335dc772d665e58838ecf19b372bd04
SHA256

f8cdc2240f930d68fb53f4dbac1b6ce9a3ed99ae47beeeab38675254c41e0cb7
SHA512

7960528db8f00636741025352493ed6b15af26f94ab34f765b051b4ad7989dd4f79c71b1e20668e7792ffcb6805d6cd07a52be3cc763e7ca0c5492c8b3a76ba9
SSDEEP

24576:oW7Kh7swsET1jWDtpaA/lFvyvKxMW4JtA8M0bdhHzuz8Fek2B58ftwy3OTGdQE4R:V7M7ZljEt00lFvn4Jt5KJpDitw29QZ

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\G:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\H:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\J:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\L:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\S:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\T:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\W:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\X:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\Y:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\A:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\I:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\K:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\O:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\Q:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\U:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\B:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\E:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\M:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\N:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\P:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\R:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\V:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\Z:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\blowjob public feet stockings (Liz).avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian fetish blowjob several models glans hairy (Karin).mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\SysWOW64\FxsTmp\gay several models ejaculation .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american horse xxx girls redhair (Ashley,Samantha).mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\System32\DriverStore\Temp\lesbian hidden ejaculation .avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\SysWOW64\IME\shared\trambling hot (!) upskirt .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\american cumshot gay [milf] .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian cum lesbian catfight mistress .avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian nude fucking lesbian feet bondage .rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian handjob xxx several models girly .avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\black nude horse [bangbus] mistress .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\horse [milf] (Karin).zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\beast hidden granny (Gina,Curtney).avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files\Windows Journal\Templates\blowjob big YEâPSè& .zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\xxx licking glans upskirt .avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\sperm [free] .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\xxx girls blondie .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files (x86)\Google\Temp\trambling girls bondage .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\tyrkish action blowjob several models .zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\indian beastiality gay uncut .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gay big gorgeoushorny .rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files\DVD Maker\Shared\lingerie licking upskirt .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese handjob hardcore big glans .avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\russian horse lingerie lesbian .avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\italian handjob blowjob licking hole shoes .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\handjob bukkake lesbian titts shoes (Liz).rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\tyrkish animal horse sleeping .rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\norwegian lingerie catfight gorgeoushorny .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\sperm hidden lady (Christine,Melissa).rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\black cum horse girls sweet .avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\indian action fucking several models cock swallow (Sarah).mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\xxx hidden young .rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\fetish lingerie uncut .zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\cum hardcore sleeping .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\bukkake voyeur feet .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\cum blowjob [milf] glans fishy (Sarah).rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\fetish gay [free] sm .rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\japanese horse trambling lesbian (Samantha).mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\cum trambling licking 40+ .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish horse lingerie [milf] shoes .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\brasilian handjob fucking [bangbus] bedroom .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\black nude lingerie uncut feet .rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\assembly\temp\american nude beast [free] glans granny .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\asian sperm [bangbus] fishy .zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\british lesbian voyeur 40+ .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\trambling girls latex .zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian cumshot blowjob uncut hole .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\bukkake licking .zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\porn gay hot (!) hotel .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\animal gay masturbation hole sm .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\mssrv.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish beastiality blowjob hidden titts sm .zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\kicking sperm hidden hairy .avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\swedish nude horse catfight cock .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\security\templates\beast voyeur titts .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\horse masturbation sm .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\hardcore hidden hole YEâPSè& .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\lesbian voyeur .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\action blowjob several models fishy (Sonja,Karin).rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\porn fucking uncut titts redhair .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\PLA\Templates\brasilian fetish hardcore catfight black hairunshaved .zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\russian kicking sperm [bangbus] (Karin).avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\canadian bukkake sleeping titts bondage .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\danish porn bukkake hidden .zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\blowjob big feet traffic .avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\british lesbian [bangbus] femdom .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\horse public .rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese porn beast [free] cock high heels .zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\horse gay sleeping (Sarah).zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\canadian xxx big glans (Christine,Liz).zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\norwegian fucking full movie high heels .zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\trambling public shoes (Kathrin,Sarah).rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\beast [free] .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lesbian hidden YEâPSè& .zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\brasilian porn horse girls upskirt .rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\sperm catfight .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\animal lesbian catfight .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\russian fetish fucking licking bondage .rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\norwegian fucking hidden traffic .rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\nude beast [milf] (Jade).mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\canadian bukkake girls hole latex (Liz).avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\malaysia blowjob masturbation blondie .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\SoftwareDistribution\Download\american handjob trambling big cock pregnant .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\german beast voyeur femdom .rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\malaysia sperm big cock YEâPSè& (Jade).mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\action xxx public .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese fetish bukkake public hotel .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\action fucking licking young (Britney,Curtney).rar.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\german trambling [free] cock .avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2028	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2140	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2288	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2724	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2664	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2028	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
268	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2140	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2496	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2632	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2636	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2500	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2288	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2972	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2724	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2180	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1100	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2664	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2028	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2828	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2140	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
268	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1140	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2556	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
828	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2800	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2848	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2496	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2496	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2636	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2636	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1660	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1660	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2632	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2632	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1812	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1812	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1608	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1608	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2868	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2868	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2500	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2500	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2288	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2288	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1936	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1936	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
680	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
680	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2972	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2972	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2972	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2724	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2724	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2724	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 1224	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	28
PID 2948 wrote to memory of 1224	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	28
PID 2948 wrote to memory of 1224	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	28
PID 2948 wrote to memory of 1224	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	28
PID 1224 wrote to memory of 2028	1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	29
PID 1224 wrote to memory of 2028	1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	29
PID 1224 wrote to memory of 2028	1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	29
PID 1224 wrote to memory of 2028	1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	29
PID 2948 wrote to memory of 2140	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	30
PID 2948 wrote to memory of 2140	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	30
PID 2948 wrote to memory of 2140	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	30
PID 2948 wrote to memory of 2140	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	30
PID 2028 wrote to memory of 2288	2028	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	31
PID 2028 wrote to memory of 2288	2028	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	31
PID 2028 wrote to memory of 2288	2028	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	31
PID 2028 wrote to memory of 2288	2028	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	31
PID 1224 wrote to memory of 2724	1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	32
PID 1224 wrote to memory of 2724	1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	32
PID 1224 wrote to memory of 2724	1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	32
PID 1224 wrote to memory of 2724	1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	32
PID 2140 wrote to memory of 2664	2140	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	33
PID 2140 wrote to memory of 2664	2140	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	33
PID 2140 wrote to memory of 2664	2140	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	33
PID 2140 wrote to memory of 2664	2140	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	33
PID 2948 wrote to memory of 268	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	34
PID 2948 wrote to memory of 268	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	34
PID 2948 wrote to memory of 268	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	34
PID 2948 wrote to memory of 268	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	34
PID 2288 wrote to memory of 2496	2288	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	35
PID 2288 wrote to memory of 2496	2288	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	35
PID 2288 wrote to memory of 2496	2288	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	35
PID 2288 wrote to memory of 2496	2288	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	35
PID 2664 wrote to memory of 2632	2664	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	36
PID 2664 wrote to memory of 2632	2664	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	36
PID 2664 wrote to memory of 2632	2664	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	36
PID 2664 wrote to memory of 2632	2664	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	36
PID 2724 wrote to memory of 2636	2724	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	37
PID 2724 wrote to memory of 2636	2724	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	37
PID 2724 wrote to memory of 2636	2724	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	37
PID 2724 wrote to memory of 2636	2724	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	37
PID 2028 wrote to memory of 2500	2028	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	38
PID 2028 wrote to memory of 2500	2028	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	38
PID 2028 wrote to memory of 2500	2028	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	38
PID 2028 wrote to memory of 2500	2028	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	38
PID 1224 wrote to memory of 2972	1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	39
PID 1224 wrote to memory of 2972	1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	39
PID 1224 wrote to memory of 2972	1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	39
PID 1224 wrote to memory of 2972	1224	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	39
PID 2140 wrote to memory of 2180	2140	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	40
PID 2140 wrote to memory of 2180	2140	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	40
PID 2140 wrote to memory of 2180	2140	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	40
PID 2140 wrote to memory of 2180	2140	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	40
PID 268 wrote to memory of 1100	268	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	41
PID 268 wrote to memory of 1100	268	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	41
PID 268 wrote to memory of 1100	268	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	41
PID 268 wrote to memory of 1100	268	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	41
PID 2948 wrote to memory of 2828	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	42
PID 2948 wrote to memory of 2828	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	42
PID 2948 wrote to memory of 2828	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	42
PID 2948 wrote to memory of 2828	2948	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	42
PID 2496 wrote to memory of 1140	2496	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	43
PID 2496 wrote to memory of 1140	2496	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	43
PID 2496 wrote to memory of 1140	2496	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	43
PID 2496 wrote to memory of 1140	2496	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	43

C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
"C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1224
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        9⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        10⤵
        
        PID:15800
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        9⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        9⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        9⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        9⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        9⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:15512
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:14640
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:14852
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:17636
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:15440
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:12496
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        9⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        9⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:14916
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10156
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:14696
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:11168
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:15808
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:10180
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10404
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:11184
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:14664
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:15632
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:9828
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:11540
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:15520
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:8176
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:14836
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:15464
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:6768
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:11524
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2140
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:11128
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:8524
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:1516
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10044
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10164
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:14688
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:15608
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:9520
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:15496
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:968
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:11120
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:864
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:15568
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:15592
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:10844
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:11516
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:268
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:680
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        8⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:15504
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10028
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:14968
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:14908
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5140
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4492
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:860
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:11076
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:11136
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:8532
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:15472
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:6600
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:11112
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:15424
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:14736
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4528
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:14932
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:15576
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:10536
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:11152
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  PID:1992
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:11504
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:15600
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:6792
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:11496
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  PID:3284
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:11672
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:7960
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:14976
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  PID:4692
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:11068
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  PID:6736
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  PID:14632

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\xxx girls blondie .mpg.exe

Filesize
343KB

MD5
cc2129196716a268c529ba6539038de1

SHA1
078fc1a013bb1fdaab2492c916b107370de21c70

SHA256
fb0c312a5ab8b4831fe5d92d70bc98496740cad165609b2e1e5975990ab47357

SHA512
96921bbf828aa68a65786d751bd83a1052679bce7bac437750a5b3f4ea0c0052d8452bcff8222d4b49b6613c9283fcdbed4bcd4f8fa31e011f388caf301407e6

Download Submit
memory/268-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/680-173-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/828-184-0x00000000047F0000-0x000000000481B000-memory.dmp

Filesize
172KB

Download
memory/828-160-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/872-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1100-170-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/1100-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1108-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1140-182-0x00000000044B0000-0x00000000044DB000-memory.dmp

Filesize
172KB

Download
memory/1140-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1224-174-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/1224-115-0x00000000047E0000-0x000000000480B000-memory.dmp

Filesize
172KB

Download
memory/1224-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1312-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1520-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1588-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1608-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1660-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1764-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1812-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1936-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1992-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1996-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2012-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2028-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2028-171-0x00000000047F0000-0x000000000481B000-memory.dmp

Filesize
172KB

Download
memory/2028-144-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/2040-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2104-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2136-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2140-135-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2140-147-0x00000000047E0000-0x000000000480B000-memory.dmp

Filesize
172KB

Download
memory/2180-156-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2288-145-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2304-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2308-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2372-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2496-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2496-191-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2500-153-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2508-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2556-161-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2632-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2632-193-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/2636-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2636-195-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2664-167-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2664-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2724-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2724-164-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2800-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2800-187-0x00000000047E0000-0x000000000480B000-memory.dmp

Filesize
172KB

Download
memory/2828-175-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/2828-157-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2848-189-0x0000000004800000-0x000000000482B000-memory.dmp

Filesize
172KB

Download
memory/2848-163-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2868-199-0x00000000047C0000-0x00000000047EB000-memory.dmp

Filesize
172KB

Download
memory/2868-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2948-180-0x0000000004F10000-0x0000000004F3B000-memory.dmp

Filesize
172KB

Download
memory/2948-54-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2948-158-0x0000000004F10000-0x0000000004F3B000-memory.dmp

Filesize
172KB

Download
memory/2948-133-0x0000000004F10000-0x0000000004F3B000-memory.dmp

Filesize
172KB

Download
memory/2948-101-0x0000000004F10000-0x0000000004F3B000-memory.dmp

Filesize
172KB

Download
memory/2972-154-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download