730a53e01d0b79f83223bc08dbe0145b78f6cd735407d073d104c8625182b9c5

Analysis

max time kernel
21s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

484e733c82b00366cbaba5baa7e6ec72_JC.exe
Size

801KB
MD5

484e733c82b00366cbaba5baa7e6ec72
SHA1

5e9eb7af894586d408b82a0b98a7d06b4cf5ff92
SHA256

730a53e01d0b79f83223bc08dbe0145b78f6cd735407d073d104c8625182b9c5
SHA512

d491d78a4cd5d61c41b739c2277bfd81ec2620e244be2703637105cbc1c9ccf7067a94f76eadf0d597dd11761e908a47a7a46bb66f77139e40e737e9a047854e
SSDEEP

12288:CEQoSsQMhJxjSysXTnsiMGfJDCEE/2CZ1cKUWd53/6aQc8XZqe8o2It336kzFlWn:CEriTnDJBW1cKnd16aGZR8zIt336kz30

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 45 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1920-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000015c87-5.dat	upx
behavioral1/memory/2824-11-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1920-12-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2380-52-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2420-53-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2128-54-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2540-55-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/516-57-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1224-58-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1920-60-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2768-62-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2780-63-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3024-64-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2824-66-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1940-65-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2628-67-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2748-68-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1976-69-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2444-73-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2380-76-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1224-78-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/828-87-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2424-88-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1356-89-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1108-92-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1460-93-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1216-94-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1400-96-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2992-100-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2840-105-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1464-107-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1288-111-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1904-112-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2740-113-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1552-114-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2640-115-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2972-118-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1980-120-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1604-121-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2368-122-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1088-123-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1288-124-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1692-125-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1920-174-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	484e733c82b00366cbaba5baa7e6ec72_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\J:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\R:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\U:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\W:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\Z:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\L:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\P:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\T:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\V:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\Q:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\S:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\A:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\B:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\E:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\I:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\K:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\M:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\Y:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\H:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\N:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\O:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\X:	484e733c82b00366cbaba5baa7e6ec72_JC.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\tyrkish handjob bukkake lesbian .mpeg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\gay masturbation hole mistress .avi.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\bukkake full movie traffic .zip.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm hidden titts (Sonja,Liz).mpeg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian horse lingerie public beautyfull .mpeg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Google\Temp\indian fetish beast several models cock (Britney,Samantha).avi.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\japanese fetish beast hidden cock .mpg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\bukkake hot (!) .avi.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\hardcore voyeur boots .rar.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\hardcore full movie feet redhair .rar.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\black gang bang blowjob [free] titts .mpeg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files\DVD Maker\Shared\fucking uncut hole .zip.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian cumshot lingerie lesbian hole (Anniston,Sarah).zip.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\beast uncut .mpeg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\lesbian girls .avi.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe

Drops file in Windows directory 18 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\swedish fetish xxx girls cock shoes .rar.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\italian kicking trambling licking .zip.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\Downloaded Program Files\japanese gang bang lingerie voyeur .rar.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\brasilian action xxx [milf] titts high heels (Sylvia).zip.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\tyrkish porn bukkake hot (!) cock (Ashley,Samantha).avi.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\beast voyeur circumcision .mpeg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish cumshot trambling hidden bedroom .avi.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\indian cumshot lesbian girls .rar.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish handjob hardcore [bangbus] feet .zip.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\russian handjob gay hot (!) hole .avi.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\temp\american animal beast several models mistress .mpg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\tmp\russian cum horse public 40+ .mpg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black beastiality gay several models sweet .zip.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\hardcore sleeping fishy .mpeg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\italian gang bang trambling catfight (Janette).rar.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\indian nude beast masturbation feet .zip.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\xxx lesbian upskirt (Jenna,Karin).mpeg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Windows\mssrv.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2824	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2444	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2380	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2420	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2128	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2444	484e733c82b00366cbaba5baa7e6ec72_JC.exe
516	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2824	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1224	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2380	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2628	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2748	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe
516	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2444	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2128	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2780	484e733c82b00366cbaba5baa7e6ec72_JC.exe
3024	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2768	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2420	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1976	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1940	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2824	484e733c82b00366cbaba5baa7e6ec72_JC.exe
828	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2424	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1224	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2380	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1356	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1460	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1216	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1108	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1400	484e733c82b00366cbaba5baa7e6ec72_JC.exe
516	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2128	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2444	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2420	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2992	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2316	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1464	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1464	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2840	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2840	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2824	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2824	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1904	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1904	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2740	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2740	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2628	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2628	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1552	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1552	484e733c82b00366cbaba5baa7e6ec72_JC.exe
2368	484e733c82b00366cbaba5baa7e6ec72_JC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2540	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	28
PID 1920 wrote to memory of 2540	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	28
PID 1920 wrote to memory of 2540	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	28
PID 1920 wrote to memory of 2540	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	28
PID 2540 wrote to memory of 2824	2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe	29
PID 2540 wrote to memory of 2824	2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe	29
PID 2540 wrote to memory of 2824	2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe	29
PID 2540 wrote to memory of 2824	2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe	29
PID 1920 wrote to memory of 2444	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	30
PID 1920 wrote to memory of 2444	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	30
PID 1920 wrote to memory of 2444	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	30
PID 1920 wrote to memory of 2444	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	30
PID 2540 wrote to memory of 2380	2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe	31
PID 2540 wrote to memory of 2380	2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe	31
PID 2540 wrote to memory of 2380	2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe	31
PID 2540 wrote to memory of 2380	2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe	31
PID 2444 wrote to memory of 2420	2444	484e733c82b00366cbaba5baa7e6ec72_JC.exe	33
PID 2444 wrote to memory of 2420	2444	484e733c82b00366cbaba5baa7e6ec72_JC.exe	33
PID 2444 wrote to memory of 2420	2444	484e733c82b00366cbaba5baa7e6ec72_JC.exe	33
PID 2444 wrote to memory of 2420	2444	484e733c82b00366cbaba5baa7e6ec72_JC.exe	33
PID 2824 wrote to memory of 2128	2824	484e733c82b00366cbaba5baa7e6ec72_JC.exe	34
PID 2824 wrote to memory of 2128	2824	484e733c82b00366cbaba5baa7e6ec72_JC.exe	34
PID 2824 wrote to memory of 2128	2824	484e733c82b00366cbaba5baa7e6ec72_JC.exe	34
PID 2824 wrote to memory of 2128	2824	484e733c82b00366cbaba5baa7e6ec72_JC.exe	34
PID 1920 wrote to memory of 516	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	32
PID 1920 wrote to memory of 516	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	32
PID 1920 wrote to memory of 516	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	32
PID 1920 wrote to memory of 516	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	32
PID 2380 wrote to memory of 1224	2380	484e733c82b00366cbaba5baa7e6ec72_JC.exe	35
PID 2380 wrote to memory of 1224	2380	484e733c82b00366cbaba5baa7e6ec72_JC.exe	35
PID 2380 wrote to memory of 1224	2380	484e733c82b00366cbaba5baa7e6ec72_JC.exe	35
PID 2380 wrote to memory of 1224	2380	484e733c82b00366cbaba5baa7e6ec72_JC.exe	35
PID 2128 wrote to memory of 2748	2128	484e733c82b00366cbaba5baa7e6ec72_JC.exe	39
PID 2128 wrote to memory of 2748	2128	484e733c82b00366cbaba5baa7e6ec72_JC.exe	39
PID 2128 wrote to memory of 2748	2128	484e733c82b00366cbaba5baa7e6ec72_JC.exe	39
PID 2128 wrote to memory of 2748	2128	484e733c82b00366cbaba5baa7e6ec72_JC.exe	39
PID 2540 wrote to memory of 2628	2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe	38
PID 2540 wrote to memory of 2628	2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe	38
PID 2540 wrote to memory of 2628	2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe	38
PID 2540 wrote to memory of 2628	2540	484e733c82b00366cbaba5baa7e6ec72_JC.exe	38
PID 2420 wrote to memory of 2780	2420	484e733c82b00366cbaba5baa7e6ec72_JC.exe	37
PID 2420 wrote to memory of 2780	2420	484e733c82b00366cbaba5baa7e6ec72_JC.exe	37
PID 2420 wrote to memory of 2780	2420	484e733c82b00366cbaba5baa7e6ec72_JC.exe	37
PID 2420 wrote to memory of 2780	2420	484e733c82b00366cbaba5baa7e6ec72_JC.exe	37
PID 2444 wrote to memory of 2768	2444	484e733c82b00366cbaba5baa7e6ec72_JC.exe	36
PID 2444 wrote to memory of 2768	2444	484e733c82b00366cbaba5baa7e6ec72_JC.exe	36
PID 2444 wrote to memory of 2768	2444	484e733c82b00366cbaba5baa7e6ec72_JC.exe	36
PID 2444 wrote to memory of 2768	2444	484e733c82b00366cbaba5baa7e6ec72_JC.exe	36
PID 516 wrote to memory of 3024	516	484e733c82b00366cbaba5baa7e6ec72_JC.exe	42
PID 516 wrote to memory of 3024	516	484e733c82b00366cbaba5baa7e6ec72_JC.exe	42
PID 516 wrote to memory of 3024	516	484e733c82b00366cbaba5baa7e6ec72_JC.exe	42
PID 516 wrote to memory of 3024	516	484e733c82b00366cbaba5baa7e6ec72_JC.exe	42
PID 1920 wrote to memory of 1976	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	41
PID 1920 wrote to memory of 1976	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	41
PID 1920 wrote to memory of 1976	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	41
PID 1920 wrote to memory of 1976	1920	484e733c82b00366cbaba5baa7e6ec72_JC.exe	41
PID 2824 wrote to memory of 1940	2824	484e733c82b00366cbaba5baa7e6ec72_JC.exe	40
PID 2824 wrote to memory of 1940	2824	484e733c82b00366cbaba5baa7e6ec72_JC.exe	40
PID 2824 wrote to memory of 1940	2824	484e733c82b00366cbaba5baa7e6ec72_JC.exe	40
PID 2824 wrote to memory of 1940	2824	484e733c82b00366cbaba5baa7e6ec72_JC.exe	40
PID 1224 wrote to memory of 828	1224	484e733c82b00366cbaba5baa7e6ec72_JC.exe	44
PID 1224 wrote to memory of 828	1224	484e733c82b00366cbaba5baa7e6ec72_JC.exe	44
PID 1224 wrote to memory of 828	1224	484e733c82b00366cbaba5baa7e6ec72_JC.exe	44
PID 1224 wrote to memory of 828	1224	484e733c82b00366cbaba5baa7e6ec72_JC.exe	44

C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
"C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        8⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        8⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9076
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9352
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10188
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        8⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        8⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10812
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8176
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:11388
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:13024
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10572
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10988
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10204
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10036
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10564
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:3492
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:4716
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:7688
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:11856
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8328
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:11344
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10820
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10144
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:7720
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10136
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10312
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:13016
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:11096
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:4808
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:6528
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:9560
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:516
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:1824
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10556
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10128
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:13056
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:12360
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:4724
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:7764
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:10600
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:11048
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:12808
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:4348
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:8104
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:12728
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2316
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:856
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8892
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:13048
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:12712
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:5444
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:9800
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:13040
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  PID:1912
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:4292
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:6192
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:11004
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  PID:3760
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  PID:5460
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  PID:10516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian horse lingerie public beautyfull .mpeg.exe

Filesize
1.1MB

MD5
0e2da10cb0336e62b1f6b3459da91606

SHA1
117df455c0b943a4310527270214a4d442fa4bd6

SHA256
848d11f18624615116428d0de01bc532a58842013b1c6c546b7d53318cafcb2e

SHA512
bf95428f591d983f2d3ad99a99f24bc70af081e98eadfab637af74b6af583931e3e0712533e60c58a5d3aaba4d1551283e75daeb0bf74480112997dfb329a78c

Download Submit
memory/516-57-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/828-87-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1088-123-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1108-92-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1216-94-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1224-81-0x0000000004A40000-0x0000000004A5F000-memory.dmp

Filesize
124KB

Download
memory/1224-78-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1224-58-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1288-111-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1288-124-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1356-89-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1400-96-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1460-93-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1464-107-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1552-114-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1604-121-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1692-125-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1904-112-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1920-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1920-71-0x00000000047B0000-0x00000000047CF000-memory.dmp

Filesize
124KB

Download
memory/1920-60-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1920-12-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1920-174-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1940-117-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/1940-65-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1940-104-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/1976-106-0x0000000004900000-0x000000000491F000-memory.dmp

Filesize
124KB

Download
memory/1976-69-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1976-119-0x0000000004900000-0x000000000491F000-memory.dmp

Filesize
124KB

Download
memory/1980-120-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2128-79-0x0000000002090000-0x00000000020AF000-memory.dmp

Filesize
124KB

Download
memory/2128-54-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2128-59-0x0000000002090000-0x00000000020AF000-memory.dmp

Filesize
124KB

Download
memory/2368-122-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2380-52-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2380-72-0x00000000044C0000-0x00000000044DF000-memory.dmp

Filesize
124KB

Download
memory/2380-77-0x0000000000540000-0x000000000055F000-memory.dmp

Filesize
124KB

Download
memory/2380-82-0x00000000044C0000-0x00000000044DF000-memory.dmp

Filesize
124KB

Download
memory/2380-116-0x00000000044C0000-0x00000000044DF000-memory.dmp

Filesize
124KB

Download
memory/2380-76-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2420-80-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/2420-53-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2424-88-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2444-56-0x0000000001F20000-0x0000000001F3F000-memory.dmp

Filesize
124KB

Download
memory/2444-73-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2540-55-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2540-51-0x0000000004950000-0x000000000496F000-memory.dmp

Filesize
124KB

Download
memory/2540-61-0x0000000004950000-0x000000000496F000-memory.dmp

Filesize
124KB

Download
memory/2628-103-0x0000000004510000-0x000000000452F000-memory.dmp

Filesize
124KB

Download
memory/2628-91-0x0000000004510000-0x000000000452F000-memory.dmp

Filesize
124KB

Download
memory/2628-67-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2640-115-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2740-113-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2748-110-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2748-68-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2748-95-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2768-62-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2780-63-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2824-98-0x0000000004920000-0x000000000493F000-memory.dmp

Filesize
124KB

Download
memory/2824-66-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2824-11-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2840-105-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2972-118-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2992-100-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3024-64-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3024-109-0x0000000004580000-0x000000000459F000-memory.dmp

Filesize
124KB

Download