48cd64aa519a94f81e758f8c492cd6b17afc10fff8c4d37293f2fd8cfe14519c

Analysis

max time kernel
28s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HEUR-Worm.Win32.Movie666.exe
Size

1.8MB
MD5

c2d8e4d54d716a9a971c91a9eac29492
SHA1

739f94f80bab2900c604c99b6cb20b00f728d48d
SHA256

48cd64aa519a94f81e758f8c492cd6b17afc10fff8c4d37293f2fd8cfe14519c
SHA512

05e389d42ee81480f66552ce46abf6b8b3d33d96009b809bfa43680e30fbe67196122dfdd2af648b377c3d6d9edc86e7eabe1bc3a881d57d74d6048238515d4a
SSDEEP

49152:5YVWRxf9+CJU5JDMisX4X7mtbqdWAnhxq8:iV2DJSh5ibqAAna8

Score

9^/10

persistence spyware stealer

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 1 IoCs

resource	yara_rule
behavioral1/files/0x00070000000160f8-4.dat	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	HEUR-Worm.Win32.Movie666.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\Z:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\J:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\K:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\L:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\M:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\Q:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\V:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\A:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\B:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\R:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\S:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\T:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\X:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\Y:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\I:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\N:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\H:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\O:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\U:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\W:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\E:	HEUR-Worm.Win32.Movie666.exe
File opened (read-only)	\??\G:	HEUR-Worm.Win32.Movie666.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\russian porn trambling big titts (Britney,Janette).zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish cumshot lingerie uncut hole 50+ .mpeg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\System32\DriverStore\Temp\italian handjob lesbian [milf] glans .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\SysWOW64\FxsTmp\lingerie girls mistress .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\SysWOW64\IME\shared\horse girls (Sarah).mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\american action xxx [bangbus] feet pregnant .rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish cum lingerie [free] cock .avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian handjob trambling [bangbus] 50+ (Kathrin,Liz).mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\SysWOW64\IME\shared\american cumshot xxx lesbian glans (Christine,Liz).avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lingerie sleeping (Samantha).avi.exe	HEUR-Worm.Win32.Movie666.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\japanese horse horse [milf] glans .rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie [milf] girly .zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian kicking fucking full movie .avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\russian porn blowjob [milf] (Curtney).rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\italian animal fucking masturbation ejaculation .mpeg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files\Common Files\Microsoft Shared\lesbian uncut 50+ .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files\DVD Maker\Shared\japanese animal horse catfight (Sarah).avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\xxx sleeping feet .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian fetish trambling voyeur balls .mpeg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files (x86)\Google\Temp\blowjob [free] 40+ .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\swedish fetish sperm sleeping glans hairy (Jade).mpeg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\black kicking blowjob sleeping .mpeg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\lesbian licking gorgeoushorny .mpeg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\horse catfight titts latex .rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Program Files (x86)\Google\Update\Download\danish horse trambling licking Ôë .mpeg.exe	HEUR-Worm.Win32.Movie666.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\fetish hardcore girls girly .rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\black action lesbian voyeur latex .rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\spanish trambling catfight leather .zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\indian animal hardcore several models .zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\malaysia gay girls cock .mpeg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\nude lesbian girls titts (Christine,Tatjana).rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\horse big leather .avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\cumshot trambling [free] boots .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\bukkake [free] .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\german lesbian [bangbus] titts mistress (Jade).rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\italian gang bang beast full movie glans blondie .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\indian cumshot lingerie masturbation titts (Christine,Jade).rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\danish beastiality xxx catfight (Tatjana).mpeg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\nude lingerie licking feet 50+ (Jade).avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\tyrkish cumshot trambling several models .avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\german beast several models penetration .zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\porn bukkake girls hole swallow .rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\spanish horse licking .mpeg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\mssrv.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\russian fetish bukkake masturbation 50+ .zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\bukkake big femdom .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse uncut (Janette).mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\PLA\Templates\gay girls femdom .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\fetish gay lesbian .zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish action blowjob hidden sweet .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\lingerie [milf] granny (Sonja,Jade).avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\cumshot horse full movie circumcision .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie catfight bondage .mpeg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\Downloaded Program Files\russian horse sperm masturbation cock YEâPSè& (Janette).avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\cum horse masturbation shower .avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\british hardcore hot (!) hole YEâPSè& .zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\gay licking cock mistress (Sylvia).zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\tyrkish nude xxx [milf] ìï .avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian fetish bukkake girls stockings .zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\hardcore voyeur (Sylvia).rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\hardcore voyeur titts young .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\british bukkake catfight hole .avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\danish kicking fucking masturbation (Sarah).zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\german horse masturbation castration .rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\nude gay voyeur feet hotel .rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\chinese horse hot (!) bedroom .zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian gang bang hardcore girls titts (Britney,Sarah).zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\tyrkish nude gay [free] bondage .zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\Temp\swedish horse horse uncut latex .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\french beast uncut feet upskirt (Samantha).avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\lingerie public wifey (Sonja,Samantha).avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\InstallTemp\swedish horse lingerie lesbian (Jade).mpeg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\security\templates\swedish porn lesbian sleeping femdom .zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\trambling several models sweet (Ashley,Samantha).mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\asian lesbian girls (Janette).zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\american horse bukkake hot (!) (Sarah).avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\canadian sperm [bangbus] cock ejaculation .rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\malaysia sperm masturbation glans wifey (Sylvia).zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\assembly\tmp\indian porn beast [milf] penetration .rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\SoftwareDistribution\Download\fucking uncut feet young .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\danish handjob lingerie hot (!) glans redhair (Melissa).rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\blowjob hot (!) bondage .mpeg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\sperm big sweet .mpeg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\kicking lesbian catfight cock castration (Curtney).rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\animal sperm hidden bedroom .zip.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\canadian blowjob hidden .mpg.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\danish beastiality beast hidden titts .avi.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\gay full movie beautyfull .rar.exe	HEUR-Worm.Win32.Movie666.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\brasilian fetish hardcore lesbian 40+ .mpeg.exe	HEUR-Worm.Win32.Movie666.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2028	HEUR-Worm.Win32.Movie666.exe
2616	HEUR-Worm.Win32.Movie666.exe
2028	HEUR-Worm.Win32.Movie666.exe
1924	HEUR-Worm.Win32.Movie666.exe
2732	HEUR-Worm.Win32.Movie666.exe
2616	HEUR-Worm.Win32.Movie666.exe
2028	HEUR-Worm.Win32.Movie666.exe
2880	HEUR-Worm.Win32.Movie666.exe
1396	HEUR-Worm.Win32.Movie666.exe
1924	HEUR-Worm.Win32.Movie666.exe
2356	HEUR-Worm.Win32.Movie666.exe
1684	HEUR-Worm.Win32.Movie666.exe
2732	HEUR-Worm.Win32.Movie666.exe
2616	HEUR-Worm.Win32.Movie666.exe
2028	HEUR-Worm.Win32.Movie666.exe
2040	HEUR-Worm.Win32.Movie666.exe
1804	HEUR-Worm.Win32.Movie666.exe
2036	HEUR-Worm.Win32.Movie666.exe
2880	HEUR-Worm.Win32.Movie666.exe
1924	HEUR-Worm.Win32.Movie666.exe
2244	HEUR-Worm.Win32.Movie666.exe
2184	HEUR-Worm.Win32.Movie666.exe
912	HEUR-Worm.Win32.Movie666.exe
2136	HEUR-Worm.Win32.Movie666.exe
1396	HEUR-Worm.Win32.Movie666.exe
2356	HEUR-Worm.Win32.Movie666.exe
2312	HEUR-Worm.Win32.Movie666.exe
1684	HEUR-Worm.Win32.Movie666.exe
2732	HEUR-Worm.Win32.Movie666.exe
2616	HEUR-Worm.Win32.Movie666.exe
2028	HEUR-Worm.Win32.Movie666.exe
1988	HEUR-Worm.Win32.Movie666.exe
2800	HEUR-Worm.Win32.Movie666.exe
2548	HEUR-Worm.Win32.Movie666.exe
2040	HEUR-Worm.Win32.Movie666.exe
2324	HEUR-Worm.Win32.Movie666.exe
556	HEUR-Worm.Win32.Movie666.exe
2880	HEUR-Worm.Win32.Movie666.exe
2036	HEUR-Worm.Win32.Movie666.exe
1328	HEUR-Worm.Win32.Movie666.exe
1804	HEUR-Worm.Win32.Movie666.exe
656	HEUR-Worm.Win32.Movie666.exe
1484	HEUR-Worm.Win32.Movie666.exe
1668	HEUR-Worm.Win32.Movie666.exe
296	HEUR-Worm.Win32.Movie666.exe
1924	HEUR-Worm.Win32.Movie666.exe
2244	HEUR-Worm.Win32.Movie666.exe
448	HEUR-Worm.Win32.Movie666.exe
912	HEUR-Worm.Win32.Movie666.exe
2184	HEUR-Worm.Win32.Movie666.exe
2016	HEUR-Worm.Win32.Movie666.exe
1396	HEUR-Worm.Win32.Movie666.exe
712	HEUR-Worm.Win32.Movie666.exe
2356	HEUR-Worm.Win32.Movie666.exe
2164	HEUR-Worm.Win32.Movie666.exe
1572	HEUR-Worm.Win32.Movie666.exe
1712	HEUR-Worm.Win32.Movie666.exe
2732	HEUR-Worm.Win32.Movie666.exe
2136	HEUR-Worm.Win32.Movie666.exe
1684	HEUR-Worm.Win32.Movie666.exe
2312	HEUR-Worm.Win32.Movie666.exe
2028	HEUR-Worm.Win32.Movie666.exe
2028	HEUR-Worm.Win32.Movie666.exe
2616	HEUR-Worm.Win32.Movie666.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2616	2028	HEUR-Worm.Win32.Movie666.exe	28
PID 2028 wrote to memory of 2616	2028	HEUR-Worm.Win32.Movie666.exe	28
PID 2028 wrote to memory of 2616	2028	HEUR-Worm.Win32.Movie666.exe	28
PID 2028 wrote to memory of 2616	2028	HEUR-Worm.Win32.Movie666.exe	28
PID 2616 wrote to memory of 1924	2616	HEUR-Worm.Win32.Movie666.exe	29
PID 2616 wrote to memory of 1924	2616	HEUR-Worm.Win32.Movie666.exe	29
PID 2616 wrote to memory of 1924	2616	HEUR-Worm.Win32.Movie666.exe	29
PID 2616 wrote to memory of 1924	2616	HEUR-Worm.Win32.Movie666.exe	29
PID 2028 wrote to memory of 2732	2028	HEUR-Worm.Win32.Movie666.exe	30
PID 2028 wrote to memory of 2732	2028	HEUR-Worm.Win32.Movie666.exe	30
PID 2028 wrote to memory of 2732	2028	HEUR-Worm.Win32.Movie666.exe	30
PID 2028 wrote to memory of 2732	2028	HEUR-Worm.Win32.Movie666.exe	30
PID 1924 wrote to memory of 2880	1924	HEUR-Worm.Win32.Movie666.exe	31
PID 1924 wrote to memory of 2880	1924	HEUR-Worm.Win32.Movie666.exe	31
PID 1924 wrote to memory of 2880	1924	HEUR-Worm.Win32.Movie666.exe	31
PID 1924 wrote to memory of 2880	1924	HEUR-Worm.Win32.Movie666.exe	31
PID 2732 wrote to memory of 1396	2732	HEUR-Worm.Win32.Movie666.exe	32
PID 2732 wrote to memory of 1396	2732	HEUR-Worm.Win32.Movie666.exe	32
PID 2732 wrote to memory of 1396	2732	HEUR-Worm.Win32.Movie666.exe	32
PID 2732 wrote to memory of 1396	2732	HEUR-Worm.Win32.Movie666.exe	32
PID 2616 wrote to memory of 2356	2616	HEUR-Worm.Win32.Movie666.exe	33
PID 2616 wrote to memory of 2356	2616	HEUR-Worm.Win32.Movie666.exe	33
PID 2616 wrote to memory of 2356	2616	HEUR-Worm.Win32.Movie666.exe	33
PID 2616 wrote to memory of 2356	2616	HEUR-Worm.Win32.Movie666.exe	33
PID 2028 wrote to memory of 1684	2028	HEUR-Worm.Win32.Movie666.exe	34
PID 2028 wrote to memory of 1684	2028	HEUR-Worm.Win32.Movie666.exe	34
PID 2028 wrote to memory of 1684	2028	HEUR-Worm.Win32.Movie666.exe	34
PID 2028 wrote to memory of 1684	2028	HEUR-Worm.Win32.Movie666.exe	34
PID 2880 wrote to memory of 2040	2880	HEUR-Worm.Win32.Movie666.exe	35
PID 2880 wrote to memory of 2040	2880	HEUR-Worm.Win32.Movie666.exe	35
PID 2880 wrote to memory of 2040	2880	HEUR-Worm.Win32.Movie666.exe	35
PID 2880 wrote to memory of 2040	2880	HEUR-Worm.Win32.Movie666.exe	35
PID 1924 wrote to memory of 1804	1924	HEUR-Worm.Win32.Movie666.exe	36
PID 1924 wrote to memory of 1804	1924	HEUR-Worm.Win32.Movie666.exe	36
PID 1924 wrote to memory of 1804	1924	HEUR-Worm.Win32.Movie666.exe	36
PID 1924 wrote to memory of 1804	1924	HEUR-Worm.Win32.Movie666.exe	36
PID 1396 wrote to memory of 2036	1396	HEUR-Worm.Win32.Movie666.exe	37
PID 1396 wrote to memory of 2036	1396	HEUR-Worm.Win32.Movie666.exe	37
PID 1396 wrote to memory of 2036	1396	HEUR-Worm.Win32.Movie666.exe	37
PID 1396 wrote to memory of 2036	1396	HEUR-Worm.Win32.Movie666.exe	37
PID 2356 wrote to memory of 2184	2356	HEUR-Worm.Win32.Movie666.exe	38
PID 2356 wrote to memory of 2184	2356	HEUR-Worm.Win32.Movie666.exe	38
PID 2356 wrote to memory of 2184	2356	HEUR-Worm.Win32.Movie666.exe	38
PID 2356 wrote to memory of 2184	2356	HEUR-Worm.Win32.Movie666.exe	38
PID 1684 wrote to memory of 2244	1684	HEUR-Worm.Win32.Movie666.exe	39
PID 1684 wrote to memory of 2244	1684	HEUR-Worm.Win32.Movie666.exe	39
PID 1684 wrote to memory of 2244	1684	HEUR-Worm.Win32.Movie666.exe	39
PID 1684 wrote to memory of 2244	1684	HEUR-Worm.Win32.Movie666.exe	39
PID 2732 wrote to memory of 912	2732	HEUR-Worm.Win32.Movie666.exe	40
PID 2732 wrote to memory of 912	2732	HEUR-Worm.Win32.Movie666.exe	40
PID 2732 wrote to memory of 912	2732	HEUR-Worm.Win32.Movie666.exe	40
PID 2732 wrote to memory of 912	2732	HEUR-Worm.Win32.Movie666.exe	40
PID 2616 wrote to memory of 2136	2616	HEUR-Worm.Win32.Movie666.exe	41
PID 2616 wrote to memory of 2136	2616	HEUR-Worm.Win32.Movie666.exe	41
PID 2616 wrote to memory of 2136	2616	HEUR-Worm.Win32.Movie666.exe	41
PID 2616 wrote to memory of 2136	2616	HEUR-Worm.Win32.Movie666.exe	41
PID 2028 wrote to memory of 2312	2028	HEUR-Worm.Win32.Movie666.exe	42
PID 2028 wrote to memory of 2312	2028	HEUR-Worm.Win32.Movie666.exe	42
PID 2028 wrote to memory of 2312	2028	HEUR-Worm.Win32.Movie666.exe	42
PID 2028 wrote to memory of 2312	2028	HEUR-Worm.Win32.Movie666.exe	42
PID 2040 wrote to memory of 1988	2040	HEUR-Worm.Win32.Movie666.exe	43
PID 2040 wrote to memory of 1988	2040	HEUR-Worm.Win32.Movie666.exe	43
PID 2040 wrote to memory of 1988	2040	HEUR-Worm.Win32.Movie666.exe	43
PID 2040 wrote to memory of 1988	2040	HEUR-Worm.Win32.Movie666.exe	43

C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
"C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
  "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        10⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        10⤵
        
        PID:19432
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        10⤵
        
        PID:26336
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:18592
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:18476
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:26376
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:22740
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:23996
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:22340
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:23908
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:24168
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:24176
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:22348
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:18380
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:17256
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:22304
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:24224
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:18460
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:18724
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24152
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:18500
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:18624
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:24032
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:24192
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:18948
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:19196
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:24804
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:24440
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18940
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:23900
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:18396
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:23764
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:22368
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:19400
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:25960
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:23972
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:24360
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:24232
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:24776
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:24408
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:18696
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:23756
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:23924
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:23828
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18980
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18512
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24288
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24368
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:556
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:23796
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:22384
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18608
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:26344
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24072
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24328
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:23820
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:22256
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24520
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:23860
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:18848
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:15404
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:16340
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:24280
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:22776
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:19172
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:24344
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:22288
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:18856
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24248
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:18632
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:17380
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:24812
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:19408
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:18764
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:22264
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24056
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:23676
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:296
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:18716
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:24272
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24200
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:23916
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:18520
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:14644
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24304
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:23932
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24512
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:23532
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24336
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:24112
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:712
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:22280
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:25968
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:23804
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:14544
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:23868
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18788
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:22760
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:19164
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24208
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:23948
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:23568
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:23560
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:22332
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:9664
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24160
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18708
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:19244
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24480
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:11196
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:22768
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:19188
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:25940
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:10428
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:14528
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:18932
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:8284
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:14560
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:18964
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:18756
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:10724
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:5744
- C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
  "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        9⤵
        
        PID:18956
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:18640
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:26388
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:24040
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:24088
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:23852
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:24352
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:19180
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:18916
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:18468
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24312
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:18908
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:22272
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18584
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:23956
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:23964
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18316
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24128
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:13056
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:23988
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:22392
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:24384
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24264
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:10852
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:23892
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:26360
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:23812
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24120
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24136
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:18492
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:26368
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:656
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        8⤵
        
        PID:19000
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:18664
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:18796
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24080
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:18332
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:24456
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:23940
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24144
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24048
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18648
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:18364
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:22296
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24472
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:19156
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18484
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18748
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24528
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:14620
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:23884
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18732
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:18780
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:19444
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:8876
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:18404
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:23776
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:13072
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:24096
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:9920
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:4572
- C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
  "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1684
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:18972
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:24216
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:19416
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:22748
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        7⤵
        
        PID:24376
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:14744
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24256
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:25952
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24424
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24184
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:23980
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:18352
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:24536
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:24792
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18740
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24004
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:18372
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24504
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:10824
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:18656
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:15044
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24392
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24104
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:9632
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:24024
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:12936
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:19424
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:13156
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:24400
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:9748
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:6828
- C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
  "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18616
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:26352
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        6⤵
        
        PID:18772
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:21616
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:18600
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:13592
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:14656
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:23876
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24464
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:9928
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:14692
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:24240
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:12928
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:24296
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:22356
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:9820
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:14676
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:18924
- C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
  "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:1948
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:8520
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:14552
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:19148
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:24784
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:11180
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:3484
- C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
  "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
  2⤵
  PID:2460
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
        
        "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
        5⤵
        
        PID:24820
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:24416
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
      "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
      4⤵
      PID:24064
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:10524
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:18324
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:26328
- C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
  "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
  2⤵
  PID:4592
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:8212
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:14592
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:24320
- C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
  "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
  2⤵
  PID:6692
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:13576
- - C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
    3⤵
    PID:5968
- C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
  "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
  2⤵
  PID:10740
- C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe
  "C:\Users\Admin\AppData\Local\Temp\HEUR-Worm.Win32.Movie666.exe"
  2⤵
  PID:22732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie [milf] girly .zip.exe

Filesize
1002KB

MD5
2b590de4a5407f4e3ff96df81bea0086

SHA1
686f6ee42b693b54cd32e58a53b37d2ea283b920

SHA256
7b60af2d4d2ebe68e89b8b8e78b2234b3275fdf580203e25618668d6330d8dfd

SHA512
f702c68ceb0dc6f63ce6b5d8507e84dcd0dc0e1aebb93a89f845d07a9f74df5ad927bbca81e8bc42c79d8b70e88f291441f7576d13f4f49cd11a8bb1f314938e

Download Submit
C:\debug.txt

Filesize
183B

MD5
189ed4fc6efa4885260a5bc6edceedc0

SHA1
e0010328fb67ba90f6a821fb810a3588b7599372

SHA256
024947d3401f88c58ccc31425894c1ce943a5a679319a931e148b3499e013bc8

SHA512
30db7a0288efd419b19bf069b672d48122ff38625e32b8916bef8478f615ddd1627c9e29f90edcd5dc374dda441c2cfbcbb965e224584accf75d140be5e69686

Download Submit
memory/2028-97-0x0000000074650000-0x0000000074653000-memory.dmp

Filesize
12KB

Download
memory/2028-102-0x0000000074640000-0x0000000074648000-memory.dmp

Filesize
32KB

Download