930d94a60a61bb74ffb823699d7146018d076d090aa1ef9f3c98f19975b59c79

Analysis

max time kernel
14s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10-10-2023 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
Size

267KB
MD5

0c0a5446fd8136324d9b4c7a303bdfa0
SHA1

947504833c12a573492dfcc3f1830fa5a7e0aac8
SHA256

930d94a60a61bb74ffb823699d7146018d076d090aa1ef9f3c98f19975b59c79
SHA512

9f5dbbb722d0e41f41ea9ccff8e685692c61b77ffecb3f1e317534fd22cf4563952e67af2af6216663c1a6861ec18e5b673b1f9a9cdb96ee6749145105c6b724
SSDEEP

6144:aDOxZXrSHXUTstCdAzVe2N4FsoEBDZYvYF7s/sR2l:lXa8st702GKfBmvM7s/nl

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\K:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\M:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\T:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\V:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\W:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\A:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\B:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\L:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\Q:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\H:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\N:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\R:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\S:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\X:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\Y:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\Z:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\E:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\G:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\J:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\O:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\P:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File opened (read-only)	\??\U:	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\bukkake xxx uncut traffic .rar.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\nude nude sleeping hole hairy (Sandy,Sylvia).rar.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\System32\DriverStore\Temp\horse lingerie [bangbus] .avi.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\malaysia action cum big femdom .zip.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\brasilian gang bang public ash gorgeoushorny .rar.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\swedish hardcore horse big legs girly (Jenna,Britney).avi.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\canadian sperm masturbation balls .avi.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\sperm public boobs .mpeg.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\brasilian horse sperm full movie castration .mpeg.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\nude hardcore girls 50+ .avi.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\fucking hardcore licking .avi.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lingerie hardcore [milf] vagina penetration .mpeg.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish porn gay licking (Kathrin,Tatjana).avi.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\kicking masturbation 40+ .rar.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files\DVD Maker\Shared\beast handjob [free] .avi.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files\Windows Journal\Templates\tyrkish kicking horse masturbation traffic .avi.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files (x86)\Google\Temp\porn big .zip.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish xxx horse big gorgeoushorny (Sonja).zip.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\japanese sperm catfight (Melissa,Anniston).zip.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian sperm licking .zip.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\russian lesbian public .avi.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\hardcore voyeur (Jenna).zip.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\action blowjob voyeur ash hairy .mpeg.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\canadian gang bang licking cock upskirt .mpg.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\italian hardcore catfight .zip.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\PLA\Templates\black beast bukkake hot (!) ash boots .zip.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian trambling beast voyeur beautyfull (Curtney).mpeg.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\tmp\asian xxx voyeur swallow (Kathrin).rar.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\indian bukkake lingerie several models boobs circumcision .rar.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\spanish fucking trambling public young (Sandy).mpeg.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\kicking hardcore full movie hotel .avi.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\german handjob bukkake hot (!) (Sonja).mpg.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\security\templates\lesbian uncut glans mistress .mpg.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\spanish sperm kicking public ash girly .zip.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\swedish fetish beast masturbation glans granny (Sarah,Melissa).mpg.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\fetish sleeping fishy .avi.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\Downloaded Program Files\american fucking horse girls circumcision (Liz,Sonja).rar.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\russian porn horse licking .rar.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\african fetish big nipples granny .mpg.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish gay porn [milf] titts 50+ (Sonja,Sonja).mpeg.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\mssrv.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\malaysia cumshot horse voyeur fishy .zip.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\gay big bedroom .zip.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\temp\norwegian gang bang lesbian several models nipples leather .rar.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian horse lesbian leather .mpg.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\SoftwareDistribution\Download\cumshot trambling sleeping .rar.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish horse lesbian ejaculation (Gina,Sarah).rar.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american xxx sleeping .rar.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\kicking hot (!) nipples .avi.exe	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 52 IoCs

pid	Process
2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2596	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2588	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
472	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
680	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
1180	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2588	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
1460	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2596	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
3004	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2228	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
472	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
1064	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2392	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
680	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2588	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
1460	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
1412	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2600	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2596	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
1180	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2616	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2108	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
1624	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
1072	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
3004	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2228	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2308	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2224	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2744	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2832	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
472	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2392	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
1064	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
1920	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
632	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
812	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
944	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
1544	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
396	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
680	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
1460	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
2588	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 2660	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	28
PID 2804 wrote to memory of 2660	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	28
PID 2804 wrote to memory of 2660	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	28
PID 2804 wrote to memory of 2660	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	28
PID 2660 wrote to memory of 2596	2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	29
PID 2660 wrote to memory of 2596	2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	29
PID 2660 wrote to memory of 2596	2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	29
PID 2660 wrote to memory of 2596	2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	29
PID 2804 wrote to memory of 2588	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	30
PID 2804 wrote to memory of 2588	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	30
PID 2804 wrote to memory of 2588	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	30
PID 2804 wrote to memory of 2588	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	30
PID 2660 wrote to memory of 472	2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	31
PID 2660 wrote to memory of 472	2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	31
PID 2660 wrote to memory of 472	2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	31
PID 2660 wrote to memory of 472	2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	31
PID 2588 wrote to memory of 680	2588	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	33
PID 2588 wrote to memory of 680	2588	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	33
PID 2588 wrote to memory of 680	2588	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	33
PID 2588 wrote to memory of 680	2588	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	33
PID 2596 wrote to memory of 1180	2596	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	32
PID 2596 wrote to memory of 1180	2596	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	32
PID 2596 wrote to memory of 1180	2596	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	32
PID 2596 wrote to memory of 1180	2596	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	32
PID 2804 wrote to memory of 1460	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	34
PID 2804 wrote to memory of 1460	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	34
PID 2804 wrote to memory of 1460	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	34
PID 2804 wrote to memory of 1460	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	34
PID 472 wrote to memory of 3004	472	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	35
PID 472 wrote to memory of 3004	472	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	35
PID 472 wrote to memory of 3004	472	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	35
PID 472 wrote to memory of 3004	472	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	35
PID 2660 wrote to memory of 2228	2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	36
PID 2660 wrote to memory of 2228	2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	36
PID 2660 wrote to memory of 2228	2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	36
PID 2660 wrote to memory of 2228	2660	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	36
PID 680 wrote to memory of 2392	680	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	37
PID 680 wrote to memory of 2392	680	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	37
PID 680 wrote to memory of 2392	680	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	37
PID 680 wrote to memory of 2392	680	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	37
PID 2588 wrote to memory of 1064	2588	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	39
PID 2588 wrote to memory of 1064	2588	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	39
PID 2588 wrote to memory of 1064	2588	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	39
PID 2588 wrote to memory of 1064	2588	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	39
PID 2596 wrote to memory of 1412	2596	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	38
PID 2596 wrote to memory of 1412	2596	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	38
PID 2596 wrote to memory of 1412	2596	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	38
PID 2596 wrote to memory of 1412	2596	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	38
PID 1460 wrote to memory of 2616	1460	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	42
PID 1460 wrote to memory of 2616	1460	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	42
PID 1460 wrote to memory of 2616	1460	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	42
PID 1460 wrote to memory of 2616	1460	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	42
PID 1180 wrote to memory of 2600	1180	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	41
PID 1180 wrote to memory of 2600	1180	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	41
PID 1180 wrote to memory of 2600	1180	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	41
PID 1180 wrote to memory of 2600	1180	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	41
PID 2804 wrote to memory of 2108	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	40
PID 2804 wrote to memory of 2108	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	40
PID 2804 wrote to memory of 2108	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	40
PID 2804 wrote to memory of 2108	2804	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	40
PID 3004 wrote to memory of 1624	3004	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	43
PID 3004 wrote to memory of 1624	3004	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	43
PID 3004 wrote to memory of 1624	3004	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	43
PID 3004 wrote to memory of 1624	3004	0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe	43

C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        8⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:10704
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:12232
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:472
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:11516
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:4948
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:12464
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:8980
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:8168
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:9988
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:12756
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:12632
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:7740
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:4480
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:6208
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:8324
- C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:680
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:12908
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:12280
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:11452
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        7⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        6⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:11720
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:11704
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:812
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:12212
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:12608
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:3444
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:4472
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:6128
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:11460
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:13096
- C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1460
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:12916
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:12600
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:10940
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:632
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:6160
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:9868
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:5752
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:13188
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:4348
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:5848
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:11484
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:9544
- C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2108
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
        5⤵
        
        PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:13024
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:5812
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:4300
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:6612
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:9968
- C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:840
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:4964
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
      4⤵
      PID:13196
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:4664
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:6812
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:8448
- C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
  2⤵
  PID:1080
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:5180
- C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
  2⤵
  PID:4128
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:6200
- - C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
    3⤵
    PID:11412
- C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
  2⤵
  PID:6852
- C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\0c0a5446fd8136324d9b4c7a303bdfa0_JC.exe"
  2⤵
  PID:10552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\swedish porn gay licking (Kathrin,Tatjana).avi.exe

Filesize
447KB

MD5
1cc4bf4c89d8de4d77eea4f42da674b4

SHA1
9ce2d3712c372fa54f3f09269ca4fd111e231d4b

SHA256
c52428c0d07f12ceeec900c2181193a26cf270d47857cdd970961a9cb16e99bf

SHA512
c83f7eadb4a8838613b6117f8d5a454ab65f022b4579c6bebd8404ba1ea37e16ff3dc431c6cdfef1058963bbe01adf5a4f6d1afaf026305786bf3296a8154aac

Download Submit
memory/320-123-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/396-119-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/472-129-0x0000000004910000-0x000000000492C000-memory.dmp

Filesize
112KB

Download
memory/472-134-0x0000000004910000-0x000000000492C000-memory.dmp

Filesize
112KB

Download
memory/472-84-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/632-113-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/680-85-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/680-64-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/812-112-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/944-114-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1064-78-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1072-94-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1180-65-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1180-87-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1412-79-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1452-130-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1460-111-0x00000000045D0000-0x00000000045EC000-memory.dmp

Filesize
112KB

Download
memory/1460-89-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1460-66-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1544-120-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1624-88-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1624-93-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1680-121-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1688-124-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1964-159-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2056-126-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2108-81-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2156-131-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2204-127-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2224-96-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2228-75-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2308-95-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-125-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2380-122-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2392-91-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2392-77-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2500-158-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2508-135-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2588-26-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2588-63-0x00000000047C0000-0x00000000047DC000-memory.dmp

Filesize
112KB

Download
memory/2588-73-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2596-71-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2600-80-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2616-82-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2628-137-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2660-76-0x0000000004470000-0x000000000448C000-memory.dmp

Filesize
112KB

Download
memory/2660-90-0x0000000004470000-0x000000000448C000-memory.dmp

Filesize
112KB

Download
memory/2660-62-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2732-136-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2744-128-0x0000000004570000-0x000000000458C000-memory.dmp

Filesize
112KB

Download
memory/2744-99-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2744-92-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2804-25-0x00000000050F0000-0x000000000510C000-memory.dmp

Filesize
112KB

Download
memory/2804-61-0x0000000004C30000-0x0000000004C4C000-memory.dmp

Filesize
112KB

Download
memory/2804-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2804-27-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2804-203-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2804-10-0x0000000004C30000-0x0000000004C4C000-memory.dmp

Filesize
112KB

Download
memory/2804-83-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2804-72-0x00000000050F0000-0x000000000510C000-memory.dmp

Filesize
112KB

Download
memory/2804-98-0x00000000051F0000-0x000000000520C000-memory.dmp

Filesize
112KB

Download
memory/2832-97-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2904-157-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2988-133-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3004-74-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3032-132-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download