730a53e01d0b79f83223bc08dbe0145b78f6cd735407d073d104c8625182b9c5

Analysis

max time kernel
154s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

484e733c82b00366cbaba5baa7e6ec72_JC.exe
Size

801KB
MD5

484e733c82b00366cbaba5baa7e6ec72
SHA1

5e9eb7af894586d408b82a0b98a7d06b4cf5ff92
SHA256

730a53e01d0b79f83223bc08dbe0145b78f6cd735407d073d104c8625182b9c5
SHA512

d491d78a4cd5d61c41b739c2277bfd81ec2620e244be2703637105cbc1c9ccf7067a94f76eadf0d597dd11761e908a47a7a46bb66f77139e40e737e9a047854e
SSDEEP

12288:CEQoSsQMhJxjSysXTnsiMGfJDCEE/2CZ1cKUWd53/6aQc8XZqe8o2It336kzFlWn:CEriTnDJBW1cKnd16aGZR8zIt336kz30

Score

7^/10

persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\International\Geo\Nation	484e733c82b00366cbaba5baa7e6ec72_JC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\International\Geo\Nation	484e733c82b00366cbaba5baa7e6ec72_JC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\International\Geo\Nation	484e733c82b00366cbaba5baa7e6ec72_JC.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3520-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/files/0x000700000002322f-5.dat	upx
behavioral2/memory/3520-10-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4848-11-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3520-26-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1652-27-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1304-38-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3816-39-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4024-40-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3704-41-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4760-43-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4064-44-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5020-48-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4848-47-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4824-49-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2932-50-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4652-52-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4668-51-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2860-53-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4744-54-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4680-55-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2756-56-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/208-58-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1304-57-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4024-59-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3648-60-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4364-62-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1976-64-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3704-61-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4136-68-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3828-74-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4064-71-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2932-78-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4468-80-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1368-86-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3908-83-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4616-89-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1696-92-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1504-96-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1624-103-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4744-102-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4748-104-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1300-105-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4388-107-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5160-111-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5200-113-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5360-122-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5252-117-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5240-125-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5520-128-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5404-127-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3520-146-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5564-147-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5572-149-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5732-157-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5580-152-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/208-205-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4136-209-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3828-216-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3520-231-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5740-230-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1504-228-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	484e733c82b00366cbaba5baa7e6ec72_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\N:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\V:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\B:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\E:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\R:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\T:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\U:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\X:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\Z:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\G:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\H:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\M:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\S:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\A:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\I:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\K:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\L:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\O:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\P:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\Q:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\W:	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File opened (read-only)	\??\Y:	484e733c82b00366cbaba5baa7e6ec72_JC.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\action porn masturbation .rar.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5C82D344-D562-4E56-97D6-8E949E6EFB92}\EDGEMITMP_2F938.tmp\british fetish uncut ash bedroom (Liz).avi.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Microsoft\Temp\british fetish kicking licking .avi.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\nude [free] 40+ .mpg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\norwegian fucking [bangbus] beautyfull .zip.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\german porn big ¼ë (Britney,Melissa).avi.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\tyrkish xxx hardcore full movie .avi.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian bukkake bukkake [free] titts girly .mpeg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\handjob lesbian lesbian YEâPSè& .zip.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\norwegian action full movie castration (Jade).mpeg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\american fucking fucking public pregnant (Ashley,Ashley).rar.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\tyrkish gay kicking several models gorgeoushorny .mpeg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\porn beastiality [bangbus] traffic .mpg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files (x86)\Google\Update\Download\british lesbian trambling sleeping .zip.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files\Microsoft Office\root\Templates\porn cumshot hot (!) (Tatjana,Karin).rar.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black fetish big vagina lady (Sandy,Sarah).zip.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\indian hardcore [bangbus] titts (Sonja,Jenna).mpeg.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	484e733c82b00366cbaba5baa7e6ec72_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe
3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1652	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1652	484e733c82b00366cbaba5baa7e6ec72_JC.exe
3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe
3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe
3816	484e733c82b00366cbaba5baa7e6ec72_JC.exe
3816	484e733c82b00366cbaba5baa7e6ec72_JC.exe
3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe
3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe
4760	484e733c82b00366cbaba5baa7e6ec72_JC.exe
4760	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1652	484e733c82b00366cbaba5baa7e6ec72_JC.exe
1652	484e733c82b00366cbaba5baa7e6ec72_JC.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 1652	3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe	85
PID 3520 wrote to memory of 1652	3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe	85
PID 3520 wrote to memory of 1652	3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe	85
PID 3520 wrote to memory of 3816	3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe	86
PID 3520 wrote to memory of 3816	3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe	86
PID 3520 wrote to memory of 3816	3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe	86
PID 1652 wrote to memory of 4760	1652	484e733c82b00366cbaba5baa7e6ec72_JC.exe	87
PID 1652 wrote to memory of 4760	1652	484e733c82b00366cbaba5baa7e6ec72_JC.exe	87
PID 1652 wrote to memory of 4760	1652	484e733c82b00366cbaba5baa7e6ec72_JC.exe	87
PID 3520 wrote to memory of 4848	3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe	88
PID 3520 wrote to memory of 4848	3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe	88
PID 3520 wrote to memory of 4848	3520	484e733c82b00366cbaba5baa7e6ec72_JC.exe	88
PID 1652 wrote to memory of 4824	1652	484e733c82b00366cbaba5baa7e6ec72_JC.exe	89
PID 1652 wrote to memory of 4824	1652	484e733c82b00366cbaba5baa7e6ec72_JC.exe	89
PID 1652 wrote to memory of 4824	1652	484e733c82b00366cbaba5baa7e6ec72_JC.exe	89
PID 3816 wrote to memory of 4668	3816	484e733c82b00366cbaba5baa7e6ec72_JC.exe	90
PID 3816 wrote to memory of 4668	3816	484e733c82b00366cbaba5baa7e6ec72_JC.exe	90
PID 3816 wrote to memory of 4668	3816	484e733c82b00366cbaba5baa7e6ec72_JC.exe	90

C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
"C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1652
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:13976
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10964
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        7⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:11452
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:12540
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10956
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:11676
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10332
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10440
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:12696
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:11840
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:13784
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:11260
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:12280
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8212
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10740
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:12548
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10512
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:9260
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:11688
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:7484
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:9800
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:13140
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3816
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6304
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:11824
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:12736
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:11008
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:12704
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8652
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10300
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:11832
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10504
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:11236
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:7652
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:10024
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:9312
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  PID:4848
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:1304
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:208
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        6⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:13888
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:9924
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:1172
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:11252
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:7636
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:11244
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:7792
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:10168
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:7604
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  PID:4680
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
        5⤵
        
        PID:13520
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:8936
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:12032
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10520
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:10308
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:11640
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:9668
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:12772
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  PID:4744
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:9520
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:6856
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
      4⤵
      PID:12388
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:8204
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:10748
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  PID:1504
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:7716
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:10108
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:7548
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  PID:5944
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:10196
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:7844
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  PID:7040
- - C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
    3⤵
    PID:13332
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  PID:9144
- C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\484e733c82b00366cbaba5baa7e6ec72_JC.exe"
  2⤵
  PID:60

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\tyrkish gay kicking several models gorgeoushorny .mpeg.exe

Filesize
470KB

MD5
9e9f986e109c0775797890caf10d9b56

SHA1
26488c0b2c812b90f1cadf80687560bf0ff41932

SHA256
3174652692e55d23144fb5efb613c3027da430b15c7e86bfb1b0bb03833de920

SHA512
5c7a3e5bcd299d1ab151ddcca7e79eb6a978869b75751dbe6c127df9f0a038b0dff1bdb6219f2c7a3395952ddc21653fcbeacd16f8f71cbff5d8b458ed09f7ed

Download Submit
memory/208-205-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/208-58-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1300-105-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1304-57-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1304-38-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1368-86-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1504-228-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1504-96-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1624-103-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1652-27-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1696-92-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1976-64-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2756-56-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2860-53-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2932-78-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2932-50-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3520-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3520-146-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3520-10-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3520-26-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3520-231-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3648-60-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3704-41-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3704-61-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3816-39-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3828-216-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3828-74-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3908-83-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4024-59-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4024-40-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4064-44-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4064-71-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4136-68-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4136-209-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4364-62-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4388-107-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4468-80-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4616-89-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4652-52-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4668-51-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4680-55-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4744-54-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4744-102-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4748-104-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4760-43-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4824-49-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4848-11-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4848-47-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5020-48-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5160-111-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5200-113-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5240-125-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5252-117-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5360-122-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5404-127-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5520-128-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5564-147-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5572-149-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5580-152-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5732-157-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5740-230-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download