f8cdc2240f930d68fb53f4dbac1b6ce9a3ed99ae47beeeab38675254c41e0cb7

Analysis

max time kernel
13s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2023 14:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
Size

1.6MB
MD5

a7d3e428e1c28e7d34de27a6c1f9746d
SHA1

df524899a335dc772d665e58838ecf19b372bd04
SHA256

f8cdc2240f930d68fb53f4dbac1b6ce9a3ed99ae47beeeab38675254c41e0cb7
SHA512

7960528db8f00636741025352493ed6b15af26f94ab34f765b051b4ad7989dd4f79c71b1e20668e7792ffcb6805d6cd07a52be3cc763e7ca0c5492c8b3a76ba9
SSDEEP

24576:oW7Kh7swsET1jWDtpaA/lFvyvKxMW4JtA8M0bdhHzuz8Fek2B58ftwy3OTGdQE4R:V7M7ZljEt00lFvn4Jt5KJpDitw29QZ

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000\Control Panel\International\Geo\Nation	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000\Control Panel\International\Geo\Nation	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000\Control Panel\International\Geo\Nation	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000\Control Panel\International\Geo\Nation	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\K:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\N:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\T:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\W:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\X:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\V:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\B:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\E:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\G:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\I:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\P:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\R:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\S:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\Y:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\Z:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\A:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\M:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\O:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\Q:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\U:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\J:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File opened (read-only)	\??\L:	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian gang bang handjob [bangbus] shower .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\asian horse public upskirt .avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\xxx public ash .avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files\Microsoft Office\root\Templates\swedish beastiality voyeur pregnant (Tatjana,Sonja).mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\spanish handjob lingerie catfight .zip.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lesbian big .avi.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\japanese blowjob hardcore hot (!) 40+ (Kathrin,Karin).mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\beast masturbation beautyfull .mpg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files\Common Files\microsoft shared\asian horse gang bang [bangbus] circumcision (Anniston,Tatjana).mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\canadian gay public boobs .mpeg.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1220	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1220	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
4436	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
4436	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
4164	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
4164	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1220	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1220	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2292	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
2292	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
5076	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
5076	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
4436	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
4436	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 1220	1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	79
PID 1932 wrote to memory of 1220	1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	79
PID 1932 wrote to memory of 1220	1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	79
PID 1932 wrote to memory of 4436	1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	80
PID 1932 wrote to memory of 4436	1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	80
PID 1932 wrote to memory of 4436	1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	80
PID 1220 wrote to memory of 4164	1220	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	81
PID 1220 wrote to memory of 4164	1220	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	81
PID 1220 wrote to memory of 4164	1220	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	81
PID 1932 wrote to memory of 2292	1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	82
PID 1932 wrote to memory of 2292	1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	82
PID 1932 wrote to memory of 2292	1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	82
PID 4436 wrote to memory of 5076	4436	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	83
PID 4436 wrote to memory of 5076	4436	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	83
PID 4436 wrote to memory of 5076	4436	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	83
PID 1220 wrote to memory of 1832	1220	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	84
PID 1220 wrote to memory of 1832	1220	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	84
PID 1220 wrote to memory of 1832	1220	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	84
PID 4164 wrote to memory of 4336	4164	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	85
PID 4164 wrote to memory of 4336	4164	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	85
PID 4164 wrote to memory of 4336	4164	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	85
PID 1932 wrote to memory of 4744	1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	86
PID 1932 wrote to memory of 4744	1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	86
PID 1932 wrote to memory of 4744	1932	easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe	86

C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
"C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1220
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10108
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:224
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:568
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10364
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:9100
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:336
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:11300
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:12260
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:7296
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:10100
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:2848
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:12252
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:10940
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:7564
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:9316
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:6732
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:8628
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:11308
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4436
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        7⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10372
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:10328
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:7036
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:9784
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        6⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:4196
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:11324
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:10064
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:7976
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:10956
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:8860
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6248
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:6240
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:8208
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:7528
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:11948
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:7320
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:10052
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:764
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:10344
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:9580
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:7636
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:10352
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:11416
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:7252
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:9976
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  PID:4744
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
        
        "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
        5⤵
        
        PID:12124
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:5396
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:9968
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:9288
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:12108
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:2104
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:7876
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  PID:2484
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:628
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:9328
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
      "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
      4⤵
      PID:11540
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:7732
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:10380
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  PID:3836
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:7028
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:9744
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  PID:2516
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:9048
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  PID:6228
- - C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
    3⤵
    PID:12092
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  PID:7836
- C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe
  "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_1d52646c7ff8353206c8adae181c264968603e051384b7007bc8472b0a1ecf5a.exe"
  2⤵
  PID:10948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\canadian gay public boobs .mpeg.exe

Filesize
730KB

MD5
262270949f5645c1da39687273d62ed5

SHA1
3fee010510da48b5d1f6f9c7867c88be2b7f1dde

SHA256
431cfd6494cf7bf8e7cdfedd18ec3c7f51f7c0c3130f911d242e02bf8d3afc47

SHA512
38e59aed398fdfa3296c40ad42337905a34b475065f93bb95bff42f4eadf0c21ade9afefe63b00f157cffd96ef403e2ebad041a805db453d4e63dbe87fbf5eb6

Download Submit
memory/452-286-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/568-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/628-282-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/764-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/960-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1156-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1164-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1220-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1452-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1556-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1560-294-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1752-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1832-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1848-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1932-136-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2008-160-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2092-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2156-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2292-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2364-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2380-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2456-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2484-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2816-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2940-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3000-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3036-300-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3108-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3144-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3444-174-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3752-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3836-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4024-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4124-335-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4164-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4224-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4288-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4336-153-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4396-157-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4412-158-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4432-156-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4436-147-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4448-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4664-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4668-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4744-154-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4836-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5072-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5076-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5092-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5228-305-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5388-326-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5456-324-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5524-330-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5532-325-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5600-307-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5896-311-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6036-323-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6044-313-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6052-316-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6096-314-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6104-319-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6168-339-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6176-341-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download