958d11fc5291780b66ed6888cdcc17d9b63986232e7bf098d44d5b2afeefe8c6

Analysis

max time kernel
46s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b48f3eca56819fe3b543670b918b3c9_JC.exe
Size

1.4MB
MD5

1b48f3eca56819fe3b543670b918b3c9
SHA1

992fa0997ccad73224130c84e33116f7b9716cd0
SHA256

958d11fc5291780b66ed6888cdcc17d9b63986232e7bf098d44d5b2afeefe8c6
SHA512

6fcaddc97e07b34b568d1f9b37eeed289d0dbfec0b1f4052f8a0d6b807a2bb81de6511bdfe5123a09d73a5a0247dafb6428397eb215f1a4e45c49302a969ea52
SSDEEP

24576:oWNVe227AUng/qJicU+sQZPXBFYuJnKw1KKTWkJ8Z8u6FidvWCY10z:V+FAUOkUMNXzxnJgU66c1WCY10z

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	1b48f3eca56819fe3b543670b918b3c9_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\X:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\H:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\J:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\L:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\M:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\K:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\O:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\Q:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\R:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\B:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\E:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\G:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\I:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\Y:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\U:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\A:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\P:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\S:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\T:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\N:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\W:	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File opened (read-only)	\??\Z:	1b48f3eca56819fe3b543670b918b3c9_JC.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese fetish fucking hot (!) (Janette).mpeg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\System32\DriverStore\Temp\japanese gang bang blowjob several models (Jade).rar.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\SysWOW64\FxsTmp\cum beast hot (!) hole granny (Samantha).mpg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\SysWOW64\IME\shared\hardcore masturbation 50+ .avi.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian handjob blowjob masturbation (Janette).rar.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\SysWOW64\IME\shared\italian porn trambling licking hole bondage .avi.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian porn sperm public hole hotel (Sylvia).zip.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\sperm masturbation hole ejaculation (Curtney).mpeg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian action fucking licking cock .mpg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\SysWOW64\FxsTmp\trambling big titts swallow .zip.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\horse hot (!) cock mistress (Curtney).mpg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\gay lesbian titts girly .mpeg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\japanese handjob beast full movie gorgeoushorny .zip.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\bukkake hot (!) glans .mpg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\sperm hot (!) hole 40+ .zip.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\gay masturbation gorgeoushorny .rar.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files (x86)\Google\Temp\beast hot (!) beautyfull .avi.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish horse hardcore hot (!) shoes .rar.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish kicking hardcore sleeping .rar.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files\DVD Maker\Shared\russian cum trambling several models beautyfull .mpeg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\indian gang bang horse girls titts redhair (Sylvia).mpeg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\japanese fetish trambling big hole .zip.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\russian animal gay hidden lady (Kathrin,Tatjana).rar.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files\Windows Journal\Templates\fucking hot (!) hole ejaculation .mpeg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\bukkake hot (!) cock mistress .mpeg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\swedish nude gay lesbian (Samantha).mpeg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx voyeur glans .mpg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\russian beastiality lingerie big bedroom .mpg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\Downloaded Program Files\indian cum lesbian uncut .avi.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\trambling [bangbus] .mpg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian voyeur leather (Jenna,Curtney).rar.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\trambling licking stockings .mpeg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\PLA\Templates\beastiality fucking licking ejaculation .mpg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\japanese nude blowjob hot (!) stockings (Gina,Tatjana).rar.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian cumshot xxx hidden titts leather .mpeg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black kicking sperm uncut penetration .zip.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\japanese cumshot blowjob voyeur titts young (Samantha).rar.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\brasilian fetish gay girls .mpeg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\bukkake voyeur (Curtney).rar.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\SoftwareDistribution\Download\russian handjob hardcore girls sweet .mpg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\mssrv.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\brasilian cum trambling full movie penetration .zip.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\temp\danish nude bukkake voyeur .avi.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\trambling [free] titts ¼ç .avi.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\black horse hardcore [milf] ejaculation (Gina,Tatjana).zip.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american nude xxx lesbian hole stockings .zip.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\trambling big glans stockings .avi.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish beastiality lesbian [milf] cock .rar.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\black beastiality beast big (Karin).mpg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\black kicking lesbian lesbian .zip.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\tmp\gay hot (!) (Tatjana).mpg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\security\templates\lesbian masturbation feet mistress .zip.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american cum lingerie hidden ejaculation .mpeg.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\gay voyeur glans bondage (Tatjana).rar.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\indian beastiality hardcore several models hole .rar.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcore sleeping 50+ .zip.exe	1b48f3eca56819fe3b543670b918b3c9_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2680	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2608	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2488	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2608	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2912	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2888	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2908	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2680	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2764	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2420	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2608	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2912	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2488	1b48f3eca56819fe3b543670b918b3c9_JC.exe
1636	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2732	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2888	1b48f3eca56819fe3b543670b918b3c9_JC.exe
1980	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2700	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2756	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2680	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2908	1b48f3eca56819fe3b543670b918b3c9_JC.exe
324	1b48f3eca56819fe3b543670b918b3c9_JC.exe
1768	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2120	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2420	1b48f3eca56819fe3b543670b918b3c9_JC.exe
1724	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2764	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2608	1b48f3eca56819fe3b543670b918b3c9_JC.exe
1264	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe
1168	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2060	1b48f3eca56819fe3b543670b918b3c9_JC.exe
1732	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2912	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2888	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2488	1b48f3eca56819fe3b543670b918b3c9_JC.exe
1624	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2340	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2340	1b48f3eca56819fe3b543670b918b3c9_JC.exe
812	1b48f3eca56819fe3b543670b918b3c9_JC.exe
812	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2028	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2028	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2100	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2100	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2680	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2680	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2908	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2908	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2412	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2412	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2256	1b48f3eca56819fe3b543670b918b3c9_JC.exe
2256	1b48f3eca56819fe3b543670b918b3c9_JC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 2620	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	27
PID 2452 wrote to memory of 2620	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	27
PID 2452 wrote to memory of 2620	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	27
PID 2452 wrote to memory of 2620	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	27
PID 2620 wrote to memory of 2680	2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe	28
PID 2620 wrote to memory of 2680	2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe	28
PID 2620 wrote to memory of 2680	2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe	28
PID 2620 wrote to memory of 2680	2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe	28
PID 2452 wrote to memory of 2608	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	29
PID 2452 wrote to memory of 2608	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	29
PID 2452 wrote to memory of 2608	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	29
PID 2452 wrote to memory of 2608	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	29
PID 2608 wrote to memory of 2488	2608	1b48f3eca56819fe3b543670b918b3c9_JC.exe	30
PID 2608 wrote to memory of 2488	2608	1b48f3eca56819fe3b543670b918b3c9_JC.exe	30
PID 2608 wrote to memory of 2488	2608	1b48f3eca56819fe3b543670b918b3c9_JC.exe	30
PID 2608 wrote to memory of 2488	2608	1b48f3eca56819fe3b543670b918b3c9_JC.exe	30
PID 2620 wrote to memory of 2912	2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe	33
PID 2620 wrote to memory of 2912	2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe	33
PID 2620 wrote to memory of 2912	2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe	33
PID 2620 wrote to memory of 2912	2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe	33
PID 2452 wrote to memory of 2908	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	32
PID 2452 wrote to memory of 2908	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	32
PID 2452 wrote to memory of 2908	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	32
PID 2452 wrote to memory of 2908	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	32
PID 2680 wrote to memory of 2888	2680	1b48f3eca56819fe3b543670b918b3c9_JC.exe	31
PID 2680 wrote to memory of 2888	2680	1b48f3eca56819fe3b543670b918b3c9_JC.exe	31
PID 2680 wrote to memory of 2888	2680	1b48f3eca56819fe3b543670b918b3c9_JC.exe	31
PID 2680 wrote to memory of 2888	2680	1b48f3eca56819fe3b543670b918b3c9_JC.exe	31
PID 2608 wrote to memory of 2764	2608	1b48f3eca56819fe3b543670b918b3c9_JC.exe	34
PID 2608 wrote to memory of 2764	2608	1b48f3eca56819fe3b543670b918b3c9_JC.exe	34
PID 2608 wrote to memory of 2764	2608	1b48f3eca56819fe3b543670b918b3c9_JC.exe	34
PID 2608 wrote to memory of 2764	2608	1b48f3eca56819fe3b543670b918b3c9_JC.exe	34
PID 2488 wrote to memory of 2420	2488	1b48f3eca56819fe3b543670b918b3c9_JC.exe	35
PID 2488 wrote to memory of 2420	2488	1b48f3eca56819fe3b543670b918b3c9_JC.exe	35
PID 2488 wrote to memory of 2420	2488	1b48f3eca56819fe3b543670b918b3c9_JC.exe	35
PID 2488 wrote to memory of 2420	2488	1b48f3eca56819fe3b543670b918b3c9_JC.exe	35
PID 2620 wrote to memory of 1636	2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe	36
PID 2620 wrote to memory of 1636	2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe	36
PID 2620 wrote to memory of 1636	2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe	36
PID 2620 wrote to memory of 1636	2620	1b48f3eca56819fe3b543670b918b3c9_JC.exe	36
PID 2912 wrote to memory of 2732	2912	1b48f3eca56819fe3b543670b918b3c9_JC.exe	41
PID 2912 wrote to memory of 2732	2912	1b48f3eca56819fe3b543670b918b3c9_JC.exe	41
PID 2912 wrote to memory of 2732	2912	1b48f3eca56819fe3b543670b918b3c9_JC.exe	41
PID 2912 wrote to memory of 2732	2912	1b48f3eca56819fe3b543670b918b3c9_JC.exe	41
PID 2888 wrote to memory of 1980	2888	1b48f3eca56819fe3b543670b918b3c9_JC.exe	40
PID 2888 wrote to memory of 1980	2888	1b48f3eca56819fe3b543670b918b3c9_JC.exe	40
PID 2888 wrote to memory of 1980	2888	1b48f3eca56819fe3b543670b918b3c9_JC.exe	40
PID 2888 wrote to memory of 1980	2888	1b48f3eca56819fe3b543670b918b3c9_JC.exe	40
PID 2452 wrote to memory of 2756	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	39
PID 2452 wrote to memory of 2756	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	39
PID 2452 wrote to memory of 2756	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	39
PID 2452 wrote to memory of 2756	2452	1b48f3eca56819fe3b543670b918b3c9_JC.exe	39
PID 2680 wrote to memory of 2700	2680	1b48f3eca56819fe3b543670b918b3c9_JC.exe	38
PID 2680 wrote to memory of 2700	2680	1b48f3eca56819fe3b543670b918b3c9_JC.exe	38
PID 2680 wrote to memory of 2700	2680	1b48f3eca56819fe3b543670b918b3c9_JC.exe	38
PID 2680 wrote to memory of 2700	2680	1b48f3eca56819fe3b543670b918b3c9_JC.exe	38
PID 2908 wrote to memory of 324	2908	1b48f3eca56819fe3b543670b918b3c9_JC.exe	37
PID 2908 wrote to memory of 324	2908	1b48f3eca56819fe3b543670b918b3c9_JC.exe	37
PID 2908 wrote to memory of 324	2908	1b48f3eca56819fe3b543670b918b3c9_JC.exe	37
PID 2908 wrote to memory of 324	2908	1b48f3eca56819fe3b543670b918b3c9_JC.exe	37
PID 2420 wrote to memory of 1768	2420	1b48f3eca56819fe3b543670b918b3c9_JC.exe	45
PID 2420 wrote to memory of 1768	2420	1b48f3eca56819fe3b543670b918b3c9_JC.exe	45
PID 2420 wrote to memory of 1768	2420	1b48f3eca56819fe3b543670b918b3c9_JC.exe	45
PID 2420 wrote to memory of 1768	2420	1b48f3eca56819fe3b543670b918b3c9_JC.exe	45

C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
"C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        9⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        9⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:13644
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:13660
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13436
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:12640
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13452
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:10356
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:11928
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:15180
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:10892
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:12792
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:14768
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:13836
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:14132
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13788
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:10988
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:11736
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:13596
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:10372
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:12468
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:15172
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3612
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13468
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:12336
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:13540
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:11260
- C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2608
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        9⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13988
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:10384
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13056
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:11084
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        8⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:12552
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13428
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:12656
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:9484
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:9500
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:12744
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:14448
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:13652
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:11132
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:10308
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:14784
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:8900
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:11544
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:12672
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4172
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:15200
- C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:324
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        7⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:8852
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13196
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:15156
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:812
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:10348
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:14800
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:15008
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:14976
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:12856
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:13868
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13016
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:11944
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:13948
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:11520
- C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:13636
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:11180
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:12664
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:712
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:11684
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13564
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:12800
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:9784
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:13412
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:12516
- C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        6⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
        5⤵
        
        PID:13588
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:9528
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:15312
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:13940
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:3264
- C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
  2⤵
  PID:1488
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:11284
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:14632
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:13604
- C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
  2⤵
  PID:3148
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
      4⤵
      PID:12784
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:12648
- C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
  2⤵
  PID:5960
- - C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
    3⤵
    PID:13628
- C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
  2⤵
  PID:9296
- C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\1b48f3eca56819fe3b543670b918b3c9_JC.exe"
  2⤵
  PID:8228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\sperm hot (!) hole 40+ .zip.exe

Filesize
349KB

MD5
0d0c5e2a947e64e38aff3ef28b635f6c

SHA1
4ac169c68ec2b99ae266f1a9f2264be07bfb760d

SHA256
146592be9203c6d3fcf6133639738f4a4719c6e9b22893c7781db221fe66c0dc

SHA512
b1fbc7d4d8486fef847ca7e101284c12e6fafac292ba221466b5e189eff2f5593f8740ffcaace4b1b71382e154e2b9742904d41807b476dd67025ff7e2fd67af

Download Submit
memory/324-136-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/324-85-0x0000000004810000-0x000000000483B000-memory.dmp

Filesize
172KB

Download
memory/324-123-0x0000000004950000-0x000000000497B000-memory.dmp

Filesize
172KB

Download
memory/812-125-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/1168-110-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/1264-108-0x00000000047C0000-0x00000000047EB000-memory.dmp

Filesize
172KB

Download
memory/1348-90-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1624-118-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/1636-134-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1636-68-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1724-80-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1724-106-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/1732-112-0x00000000047E0000-0x000000000480B000-memory.dmp

Filesize
172KB

Download
memory/1768-78-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1768-94-0x00000000047E0000-0x000000000480B000-memory.dmp

Filesize
172KB

Download
memory/1780-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1980-69-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1980-135-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2028-129-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2060-109-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/2100-84-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2120-79-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2120-138-0x0000000004A60000-0x0000000004A8B000-memory.dmp

Filesize
172KB

Download
memory/2120-88-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/2172-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2228-91-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2240-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2340-126-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/2420-67-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2420-89-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2420-77-0x0000000004510000-0x000000000453B000-memory.dmp

Filesize
172KB

Download
memory/2420-137-0x0000000004510000-0x000000000453B000-memory.dmp

Filesize
172KB

Download
memory/2452-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2452-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2452-32-0x0000000004C40000-0x0000000004C6B000-memory.dmp

Filesize
172KB

Download
memory/2488-111-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2488-59-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2488-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2608-34-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2608-58-0x0000000004580000-0x00000000045AB000-memory.dmp

Filesize
172KB

Download
memory/2608-130-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2608-95-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2620-124-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2620-29-0x0000000004A50000-0x0000000004A7B000-memory.dmp

Filesize
172KB

Download
memory/2620-127-0x0000000004A50000-0x0000000004A7B000-memory.dmp

Filesize
172KB

Download
memory/2680-30-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2680-119-0x0000000004940000-0x000000000496B000-memory.dmp

Filesize
172KB

Download
memory/2680-128-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2700-70-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2700-122-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/2700-83-0x0000000004900000-0x000000000492B000-memory.dmp

Filesize
172KB

Download
memory/2732-121-0x0000000004A60000-0x0000000004A8B000-memory.dmp

Filesize
172KB

Download
memory/2732-71-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2756-82-0x00000000045A0000-0x00000000045CB000-memory.dmp

Filesize
172KB

Download
memory/2756-72-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2764-93-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2764-66-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2764-139-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/2888-61-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2908-132-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2908-120-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2912-133-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2912-60-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2912-107-0x0000000004A60000-0x0000000004A8B000-memory.dmp

Filesize
172KB

Download