9b7eec30ff4471634def472e94179304ba0b79045fc90280502fecfa528f5f47

Analysis

max time kernel
17s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
03-10-2023 14:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4634d13360bfda692c1948a890ffa4c6_JC.exe
Size

200KB
MD5

4634d13360bfda692c1948a890ffa4c6
SHA1

94ed1aef6471287b54f5944919f348819295930f
SHA256

9b7eec30ff4471634def472e94179304ba0b79045fc90280502fecfa528f5f47
SHA512

20251161f05d3b2f19435ae7021837bfe2ced803eb869581c243c8d4b4bcc0fea48df621a9eb98b29c6632d640768bd95cea696fcbb6f90aa465cf0f66928b7e
SSDEEP

6144:A//ICMmDRxs3NBR1vOASj8RkU/JYh5a8G:A//vi9Bvvt0piYh5ah

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4634d13360bfda692c1948a890ffa4c6_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\N:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\T:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\U:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\V:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\Y:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\A:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\G:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\K:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\M:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\Q:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\S:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\X:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\Z:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\B:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\I:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\R:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\W:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\J:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\O:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\P:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\E:	4634d13360bfda692c1948a890ffa4c6_JC.exe
File opened (read-only)	\??\H:	4634d13360bfda692c1948a890ffa4c6_JC.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\swedish horse xxx big boots .zip.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lesbian [free] glans circumcision (Tatjana).zip.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\SysWOW64\FxsTmp\danish gang bang horse hot (!) mature .avi.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\SysWOW64\IME\shared\american animal beast hot (!) cock .rar.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\danish beastiality sperm girls hole castration .avi.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\sperm girls titts femdom (Samantha).rar.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\hardcore licking hotel .rar.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black beastiality xxx girls hole mistress .mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\SysWOW64\FxsTmp\japanese fetish horse voyeur .mpg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\SysWOW64\IME\shared\indian animal blowjob voyeur traffic .avi.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\blowjob masturbation .rar.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\black fetish xxx public leather .mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files (x86)\Google\Temp\beast catfight glans hairy (Melissa).zip.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\fucking [bangbus] 50+ .mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\american action trambling several models bedroom .mpg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files (x86)\Google\Update\Download\lingerie lesbian .mpg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\american handjob lesbian big latex .avi.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files\Windows Journal\Templates\russian porn beast [bangbus] glans upskirt (Janette).rar.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\fucking [milf] glans .zip.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\danish animal fucking public feet .mpg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\gay masturbation leather .zip.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\indian kicking horse girls hotel .mpg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\lesbian girls latex .zip.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\brasilian cumshot horse sleeping high heels .avi.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian nude hardcore public feet lady (Samantha).mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe

Drops file in Windows directory 32 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx several models cock wifey .mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\japanese cumshot xxx hot (!) boots .rar.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lesbian girls 40+ .zip.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse public .rar.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\fucking hidden mistress .mpg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian action beast hot (!) hole .mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\japanese kicking lesbian [milf] (Sylvia).mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\japanese kicking hardcore full movie glans (Ashley,Karin).mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\swedish animal xxx sleeping balls .zip.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\security\templates\hardcore girls .mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish action beast girls glans sm (Tatjana).zip.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian gang bang blowjob lesbian glans .mpg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\japanese cumshot horse [bangbus] hole .avi.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\PLA\Templates\horse big feet .avi.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\fucking full movie shoes .avi.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\tmp\beast catfight cock .mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian cum fucking [milf] .mpg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\tyrkish animal lingerie licking hairy .mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\lesbian uncut feet (Britney,Curtney).avi.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\SoftwareDistribution\Download\sperm voyeur hole leather .zip.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\mssrv.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\swedish porn lesbian licking castration .mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\Downloaded Program Files\japanese kicking fucking big granny .rar.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian horse blowjob full movie shoes .rar.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\swedish animal horse [free] blondie .avi.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\bukkake hidden upskirt (Anniston,Jade).mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\american fetish horse lesbian titts beautyfull (Janette).rar.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\bukkake masturbation hairy .mpeg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\russian beastiality beast hot (!) (Karin).avi.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\lesbian [free] glans .mpg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian fetish bukkake hot (!) hotel .mpg.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe
File created	C:\Windows\assembly\temp\trambling [bangbus] swallow .avi.exe	4634d13360bfda692c1948a890ffa4c6_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2012	4634d13360bfda692c1948a890ffa4c6_JC.exe
2600	4634d13360bfda692c1948a890ffa4c6_JC.exe
2012	4634d13360bfda692c1948a890ffa4c6_JC.exe
2456	4634d13360bfda692c1948a890ffa4c6_JC.exe
2688	4634d13360bfda692c1948a890ffa4c6_JC.exe
2600	4634d13360bfda692c1948a890ffa4c6_JC.exe
2012	4634d13360bfda692c1948a890ffa4c6_JC.exe
1032	4634d13360bfda692c1948a890ffa4c6_JC.exe
1656	4634d13360bfda692c1948a890ffa4c6_JC.exe
2780	4634d13360bfda692c1948a890ffa4c6_JC.exe
2692	4634d13360bfda692c1948a890ffa4c6_JC.exe
2456	4634d13360bfda692c1948a890ffa4c6_JC.exe
2688	4634d13360bfda692c1948a890ffa4c6_JC.exe
2012	4634d13360bfda692c1948a890ffa4c6_JC.exe
2600	4634d13360bfda692c1948a890ffa4c6_JC.exe
2120	4634d13360bfda692c1948a890ffa4c6_JC.exe
2348	4634d13360bfda692c1948a890ffa4c6_JC.exe
1476	4634d13360bfda692c1948a890ffa4c6_JC.exe
1032	4634d13360bfda692c1948a890ffa4c6_JC.exe
2192	4634d13360bfda692c1948a890ffa4c6_JC.exe
1272	4634d13360bfda692c1948a890ffa4c6_JC.exe
1792	4634d13360bfda692c1948a890ffa4c6_JC.exe
1656	4634d13360bfda692c1948a890ffa4c6_JC.exe
2456	4634d13360bfda692c1948a890ffa4c6_JC.exe
2688	4634d13360bfda692c1948a890ffa4c6_JC.exe
2692	4634d13360bfda692c1948a890ffa4c6_JC.exe
2780	4634d13360bfda692c1948a890ffa4c6_JC.exe
2528	4634d13360bfda692c1948a890ffa4c6_JC.exe
1432	4634d13360bfda692c1948a890ffa4c6_JC.exe
2012	4634d13360bfda692c1948a890ffa4c6_JC.exe
2600	4634d13360bfda692c1948a890ffa4c6_JC.exe
1268	4634d13360bfda692c1948a890ffa4c6_JC.exe
2120	4634d13360bfda692c1948a890ffa4c6_JC.exe
1968	4634d13360bfda692c1948a890ffa4c6_JC.exe
2348	4634d13360bfda692c1948a890ffa4c6_JC.exe
1952	4634d13360bfda692c1948a890ffa4c6_JC.exe
1096	4634d13360bfda692c1948a890ffa4c6_JC.exe
2116	4634d13360bfda692c1948a890ffa4c6_JC.exe
1032	4634d13360bfda692c1948a890ffa4c6_JC.exe
2224	4634d13360bfda692c1948a890ffa4c6_JC.exe
696	4634d13360bfda692c1948a890ffa4c6_JC.exe
1656	4634d13360bfda692c1948a890ffa4c6_JC.exe
2456	4634d13360bfda692c1948a890ffa4c6_JC.exe
1928	4634d13360bfda692c1948a890ffa4c6_JC.exe
2420	4634d13360bfda692c1948a890ffa4c6_JC.exe
1928	4634d13360bfda692c1948a890ffa4c6_JC.exe
2420	4634d13360bfda692c1948a890ffa4c6_JC.exe
2688	4634d13360bfda692c1948a890ffa4c6_JC.exe
2688	4634d13360bfda692c1948a890ffa4c6_JC.exe
1980	4634d13360bfda692c1948a890ffa4c6_JC.exe
1980	4634d13360bfda692c1948a890ffa4c6_JC.exe
792	4634d13360bfda692c1948a890ffa4c6_JC.exe
792	4634d13360bfda692c1948a890ffa4c6_JC.exe
2692	4634d13360bfda692c1948a890ffa4c6_JC.exe
2692	4634d13360bfda692c1948a890ffa4c6_JC.exe
2780	4634d13360bfda692c1948a890ffa4c6_JC.exe
1476	4634d13360bfda692c1948a890ffa4c6_JC.exe
2780	4634d13360bfda692c1948a890ffa4c6_JC.exe
1476	4634d13360bfda692c1948a890ffa4c6_JC.exe
1624	4634d13360bfda692c1948a890ffa4c6_JC.exe
1624	4634d13360bfda692c1948a890ffa4c6_JC.exe
1948	4634d13360bfda692c1948a890ffa4c6_JC.exe
1948	4634d13360bfda692c1948a890ffa4c6_JC.exe
1932	4634d13360bfda692c1948a890ffa4c6_JC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2600	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	28
PID 2012 wrote to memory of 2600	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	28
PID 2012 wrote to memory of 2600	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	28
PID 2012 wrote to memory of 2600	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	28
PID 2012 wrote to memory of 2456	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	29
PID 2012 wrote to memory of 2456	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	29
PID 2012 wrote to memory of 2456	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	29
PID 2012 wrote to memory of 2456	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	29
PID 2600 wrote to memory of 2688	2600	4634d13360bfda692c1948a890ffa4c6_JC.exe	30
PID 2600 wrote to memory of 2688	2600	4634d13360bfda692c1948a890ffa4c6_JC.exe	30
PID 2600 wrote to memory of 2688	2600	4634d13360bfda692c1948a890ffa4c6_JC.exe	30
PID 2600 wrote to memory of 2688	2600	4634d13360bfda692c1948a890ffa4c6_JC.exe	30
PID 2456 wrote to memory of 1032	2456	4634d13360bfda692c1948a890ffa4c6_JC.exe	32
PID 2456 wrote to memory of 1032	2456	4634d13360bfda692c1948a890ffa4c6_JC.exe	32
PID 2456 wrote to memory of 1032	2456	4634d13360bfda692c1948a890ffa4c6_JC.exe	32
PID 2456 wrote to memory of 1032	2456	4634d13360bfda692c1948a890ffa4c6_JC.exe	32
PID 2688 wrote to memory of 1656	2688	4634d13360bfda692c1948a890ffa4c6_JC.exe	31
PID 2688 wrote to memory of 1656	2688	4634d13360bfda692c1948a890ffa4c6_JC.exe	31
PID 2688 wrote to memory of 1656	2688	4634d13360bfda692c1948a890ffa4c6_JC.exe	31
PID 2688 wrote to memory of 1656	2688	4634d13360bfda692c1948a890ffa4c6_JC.exe	31
PID 2012 wrote to memory of 2780	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	34
PID 2012 wrote to memory of 2780	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	34
PID 2012 wrote to memory of 2780	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	34
PID 2012 wrote to memory of 2780	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	34
PID 2600 wrote to memory of 2692	2600	4634d13360bfda692c1948a890ffa4c6_JC.exe	33
PID 2600 wrote to memory of 2692	2600	4634d13360bfda692c1948a890ffa4c6_JC.exe	33
PID 2600 wrote to memory of 2692	2600	4634d13360bfda692c1948a890ffa4c6_JC.exe	33
PID 2600 wrote to memory of 2692	2600	4634d13360bfda692c1948a890ffa4c6_JC.exe	33
PID 1032 wrote to memory of 2120	1032	4634d13360bfda692c1948a890ffa4c6_JC.exe	35
PID 1032 wrote to memory of 2120	1032	4634d13360bfda692c1948a890ffa4c6_JC.exe	35
PID 1032 wrote to memory of 2120	1032	4634d13360bfda692c1948a890ffa4c6_JC.exe	35
PID 1032 wrote to memory of 2120	1032	4634d13360bfda692c1948a890ffa4c6_JC.exe	35
PID 1656 wrote to memory of 2348	1656	4634d13360bfda692c1948a890ffa4c6_JC.exe	36
PID 1656 wrote to memory of 2348	1656	4634d13360bfda692c1948a890ffa4c6_JC.exe	36
PID 1656 wrote to memory of 2348	1656	4634d13360bfda692c1948a890ffa4c6_JC.exe	36
PID 1656 wrote to memory of 2348	1656	4634d13360bfda692c1948a890ffa4c6_JC.exe	36
PID 2456 wrote to memory of 1476	2456	4634d13360bfda692c1948a890ffa4c6_JC.exe	40
PID 2456 wrote to memory of 1476	2456	4634d13360bfda692c1948a890ffa4c6_JC.exe	40
PID 2456 wrote to memory of 1476	2456	4634d13360bfda692c1948a890ffa4c6_JC.exe	40
PID 2456 wrote to memory of 1476	2456	4634d13360bfda692c1948a890ffa4c6_JC.exe	40
PID 2688 wrote to memory of 1272	2688	4634d13360bfda692c1948a890ffa4c6_JC.exe	37
PID 2688 wrote to memory of 1272	2688	4634d13360bfda692c1948a890ffa4c6_JC.exe	37
PID 2688 wrote to memory of 1272	2688	4634d13360bfda692c1948a890ffa4c6_JC.exe	37
PID 2688 wrote to memory of 1272	2688	4634d13360bfda692c1948a890ffa4c6_JC.exe	37
PID 2692 wrote to memory of 2192	2692	4634d13360bfda692c1948a890ffa4c6_JC.exe	38
PID 2692 wrote to memory of 2192	2692	4634d13360bfda692c1948a890ffa4c6_JC.exe	38
PID 2692 wrote to memory of 2192	2692	4634d13360bfda692c1948a890ffa4c6_JC.exe	38
PID 2692 wrote to memory of 2192	2692	4634d13360bfda692c1948a890ffa4c6_JC.exe	38
PID 2780 wrote to memory of 1792	2780	4634d13360bfda692c1948a890ffa4c6_JC.exe	39
PID 2780 wrote to memory of 1792	2780	4634d13360bfda692c1948a890ffa4c6_JC.exe	39
PID 2780 wrote to memory of 1792	2780	4634d13360bfda692c1948a890ffa4c6_JC.exe	39
PID 2780 wrote to memory of 1792	2780	4634d13360bfda692c1948a890ffa4c6_JC.exe	39
PID 2012 wrote to memory of 1432	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	41
PID 2012 wrote to memory of 1432	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	41
PID 2012 wrote to memory of 1432	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	41
PID 2012 wrote to memory of 1432	2012	4634d13360bfda692c1948a890ffa4c6_JC.exe	41
PID 2600 wrote to memory of 2528	2600	4634d13360bfda692c1948a890ffa4c6_JC.exe	42
PID 2600 wrote to memory of 2528	2600	4634d13360bfda692c1948a890ffa4c6_JC.exe	42
PID 2600 wrote to memory of 2528	2600	4634d13360bfda692c1948a890ffa4c6_JC.exe	42
PID 2600 wrote to memory of 2528	2600	4634d13360bfda692c1948a890ffa4c6_JC.exe	42
PID 2120 wrote to memory of 1268	2120	4634d13360bfda692c1948a890ffa4c6_JC.exe	43
PID 2120 wrote to memory of 1268	2120	4634d13360bfda692c1948a890ffa4c6_JC.exe	43
PID 2120 wrote to memory of 1268	2120	4634d13360bfda692c1948a890ffa4c6_JC.exe	43
PID 2120 wrote to memory of 1268	2120	4634d13360bfda692c1948a890ffa4c6_JC.exe	43

C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
"C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        9⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        10⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        9⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        10⤵
        
        PID:17344
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        9⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        9⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        9⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        10⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        9⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        9⤵
        
        PID:18072
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15492
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:16984
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        9⤵
        
        PID:16772
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:17404
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:17420
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:17744
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15452
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15748
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15152
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:16976
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:13804
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:16804
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:14956
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15692
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15112
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:15168
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:18080
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15844
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:17736
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:17076
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:16708
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:16812
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15796
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15484
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15312
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15580
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15476
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:16836
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:14928
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15136
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:9500
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:16912
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:14896
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:12624
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15436
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15344
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:13928
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:12616
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:792
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:12544
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15732
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:14276
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:8680
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:15200
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15756
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:17088
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:14388
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16756
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:15628
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:16872
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:14172
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:15508
- C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2456
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        9⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:18192
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15412
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        9⤵
        
        PID:16700
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15352
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:18184
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:17964
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:13856
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:16724
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:17752
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:13948
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15096
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:16828
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15548
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15088
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:16740
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15128
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:17396
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16944
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:16820
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:18176
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16896
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:13912
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        8⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15836
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:16764
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:14964
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:18200
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:14880
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16692
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:15468
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:17412
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15868
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16920
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16716
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:12208
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15804
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16992
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:18320
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:15724
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15104
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:12640
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:12592
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:8244
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:14864
- C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:17360
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15620
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:18064
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15248
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16960
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:15828
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:12552
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15000
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:14312
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:15120
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:14988
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16928
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:12632
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:14972
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:12600
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:11540
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:15428
- C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1432
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:652
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        7⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:18056
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        6⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15388
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:9940
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:15404
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:17388
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:15516
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:15884
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:16880
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:8844
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:15336
- C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16788
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:14872
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16936
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:13868
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:14292
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:8740
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:16684
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:15876
- C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
  2⤵
  PID:2676
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
        5⤵
        
        PID:16668
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:18136
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:16596
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:13884
- C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
  2⤵
  PID:3948
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
      4⤵
      PID:16572
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:13920
- C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
  2⤵
  PID:5784
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:16588
- C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
  2⤵
  PID:8672
- - C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
    3⤵
    PID:18020
- C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\4634d13360bfda692c1948a890ffa4c6_JC.exe"
  2⤵
  PID:15676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\indian kicking horse girls hotel .mpg.exe

Filesize
1.2MB

MD5
920c3e17c38d4842f78e63b8beb5ad56

SHA1
84e4f5c5f428ed0e058978983bb529bdf749912e

SHA256
e2768eb39abd4aa70671966f12a681002651fb417b089dd198c26f9a5d6495e0

SHA512
037e883b792fd4eb78372badd14120f9570e41d4f3c0fa412f361ff5bdf54b5bc5b8abc3cc2a7fab84587c498396198356313284ad3bb75b2c8385baea3c61ab

Download Submit