74400de6b46d453421e9acd318fcb526161ed6cd24e686c5d76e7eb484388baf

Analysis

max time kernel
130s
max time network
46s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fed0ab71a623bc98a5d70be5952de36_JC.exe
Size

391KB
MD5

9fed0ab71a623bc98a5d70be5952de36
SHA1

ec7890cf759bc063046ca34fb5da4e3cb7743be2
SHA256

74400de6b46d453421e9acd318fcb526161ed6cd24e686c5d76e7eb484388baf
SHA512

a8e353736a14b6652d82fb579b391a319544409500c0eb3f3b9111b5fc5214b68b05435288ad6ff495049b165acd291433347113aabc6ffa69e63dacc6e0088d
SSDEEP

6144:zXC4vgmhbIxs3NBBcAKdmqxgXpv6geA9//BucEl5COt8Xwfq2CHa+yF07N8Y3+m8:zXCNi9Bejnx21zZBAvl+yqgj+5x3fe

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9fed0ab71a623bc98a5d70be5952de36_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\W:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\Z:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\J:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\K:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\L:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\P:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\X:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\E:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\H:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\Q:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\R:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\U:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\Y:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\G:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\I:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\N:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\T:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\S:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\A:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\B:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\M:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\O:	9fed0ab71a623bc98a5d70be5952de36_JC.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\gang bang lesbian .zip.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\malaysia gang bang blowjob uncut (Christine).mpeg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\asian beastiality [milf] feet beautyfull .avi.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\horse handjob hidden lady (Curtney).mpeg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\xxx cumshot [milf] ejaculation .rar.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Google\Temp\asian kicking uncut .rar.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\asian beastiality xxx lesbian feet .rar.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\british gang bang lesbian .mpeg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files\DVD Maker\Shared\swedish sperm uncut .rar.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\beastiality full movie young .mpg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\danish lesbian trambling masturbation upskirt .avi.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\chinese sperm fetish sleeping .mpg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\porn hardcore [free] nipples .rar.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files\Windows Journal\Templates\brasilian lingerie [bangbus] .zip.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Google\Update\Download\gay action girls (Janette).mpeg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian beastiality public upskirt .mpeg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse big 40+ .mpg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\blowjob uncut 50+ .mpeg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\action bukkake uncut .rar.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\spanish blowjob fetish [bangbus] .mpg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\sperm gang bang [free] cock beautyfull .mpg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Windows\mssrv.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2632	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2572	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe
3068	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2296	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2992	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2704	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2632	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2572	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1276	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1672	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2528	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2396	9fed0ab71a623bc98a5d70be5952de36_JC.exe
584	9fed0ab71a623bc98a5d70be5952de36_JC.exe
3068	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2296	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2636	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2572	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2632	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2692	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1100	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2992	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2704	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1392	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1320	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1276	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1672	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2072	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2556	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1268	9fed0ab71a623bc98a5d70be5952de36_JC.exe
3060	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2396	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2272	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2528	9fed0ab71a623bc98a5d70be5952de36_JC.exe
584	9fed0ab71a623bc98a5d70be5952de36_JC.exe
3068	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2296	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1840	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2036	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2412	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2336	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2636	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2572	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2572	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2632	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2632	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2932	9fed0ab71a623bc98a5d70be5952de36_JC.exe
2932	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1912	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1912	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1528	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1528	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1648	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1648	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1032	9fed0ab71a623bc98a5d70be5952de36_JC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2620	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	27
PID 2564 wrote to memory of 2620	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	27
PID 2564 wrote to memory of 2620	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	27
PID 2564 wrote to memory of 2620	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	27
PID 2620 wrote to memory of 2632	2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe	28
PID 2620 wrote to memory of 2632	2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe	28
PID 2620 wrote to memory of 2632	2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe	28
PID 2620 wrote to memory of 2632	2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe	28
PID 2564 wrote to memory of 2572	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	29
PID 2564 wrote to memory of 2572	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	29
PID 2564 wrote to memory of 2572	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	29
PID 2564 wrote to memory of 2572	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	29
PID 2632 wrote to memory of 3068	2632	9fed0ab71a623bc98a5d70be5952de36_JC.exe	30
PID 2632 wrote to memory of 3068	2632	9fed0ab71a623bc98a5d70be5952de36_JC.exe	30
PID 2632 wrote to memory of 3068	2632	9fed0ab71a623bc98a5d70be5952de36_JC.exe	30
PID 2632 wrote to memory of 3068	2632	9fed0ab71a623bc98a5d70be5952de36_JC.exe	30
PID 2572 wrote to memory of 2992	2572	9fed0ab71a623bc98a5d70be5952de36_JC.exe	31
PID 2572 wrote to memory of 2992	2572	9fed0ab71a623bc98a5d70be5952de36_JC.exe	31
PID 2572 wrote to memory of 2992	2572	9fed0ab71a623bc98a5d70be5952de36_JC.exe	31
PID 2572 wrote to memory of 2992	2572	9fed0ab71a623bc98a5d70be5952de36_JC.exe	31
PID 2620 wrote to memory of 2296	2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe	32
PID 2620 wrote to memory of 2296	2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe	32
PID 2620 wrote to memory of 2296	2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe	32
PID 2620 wrote to memory of 2296	2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe	32
PID 2564 wrote to memory of 2704	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	33
PID 2564 wrote to memory of 2704	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	33
PID 2564 wrote to memory of 2704	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	33
PID 2564 wrote to memory of 2704	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	33
PID 3068 wrote to memory of 1672	3068	9fed0ab71a623bc98a5d70be5952de36_JC.exe	34
PID 3068 wrote to memory of 1672	3068	9fed0ab71a623bc98a5d70be5952de36_JC.exe	34
PID 3068 wrote to memory of 1672	3068	9fed0ab71a623bc98a5d70be5952de36_JC.exe	34
PID 3068 wrote to memory of 1672	3068	9fed0ab71a623bc98a5d70be5952de36_JC.exe	34
PID 2296 wrote to memory of 1276	2296	9fed0ab71a623bc98a5d70be5952de36_JC.exe	35
PID 2296 wrote to memory of 1276	2296	9fed0ab71a623bc98a5d70be5952de36_JC.exe	35
PID 2296 wrote to memory of 1276	2296	9fed0ab71a623bc98a5d70be5952de36_JC.exe	35
PID 2296 wrote to memory of 1276	2296	9fed0ab71a623bc98a5d70be5952de36_JC.exe	35
PID 2620 wrote to memory of 2528	2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe	36
PID 2620 wrote to memory of 2528	2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe	36
PID 2620 wrote to memory of 2528	2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe	36
PID 2620 wrote to memory of 2528	2620	9fed0ab71a623bc98a5d70be5952de36_JC.exe	36
PID 2572 wrote to memory of 2396	2572	9fed0ab71a623bc98a5d70be5952de36_JC.exe	37
PID 2572 wrote to memory of 2396	2572	9fed0ab71a623bc98a5d70be5952de36_JC.exe	37
PID 2572 wrote to memory of 2396	2572	9fed0ab71a623bc98a5d70be5952de36_JC.exe	37
PID 2572 wrote to memory of 2396	2572	9fed0ab71a623bc98a5d70be5952de36_JC.exe	37
PID 2632 wrote to memory of 584	2632	9fed0ab71a623bc98a5d70be5952de36_JC.exe	38
PID 2632 wrote to memory of 584	2632	9fed0ab71a623bc98a5d70be5952de36_JC.exe	38
PID 2632 wrote to memory of 584	2632	9fed0ab71a623bc98a5d70be5952de36_JC.exe	38
PID 2632 wrote to memory of 584	2632	9fed0ab71a623bc98a5d70be5952de36_JC.exe	38
PID 2564 wrote to memory of 2636	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	39
PID 2564 wrote to memory of 2636	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	39
PID 2564 wrote to memory of 2636	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	39
PID 2564 wrote to memory of 2636	2564	9fed0ab71a623bc98a5d70be5952de36_JC.exe	39
PID 2992 wrote to memory of 2692	2992	9fed0ab71a623bc98a5d70be5952de36_JC.exe	40
PID 2992 wrote to memory of 2692	2992	9fed0ab71a623bc98a5d70be5952de36_JC.exe	40
PID 2992 wrote to memory of 2692	2992	9fed0ab71a623bc98a5d70be5952de36_JC.exe	40
PID 2992 wrote to memory of 2692	2992	9fed0ab71a623bc98a5d70be5952de36_JC.exe	40
PID 2704 wrote to memory of 1100	2704	9fed0ab71a623bc98a5d70be5952de36_JC.exe	41
PID 2704 wrote to memory of 1100	2704	9fed0ab71a623bc98a5d70be5952de36_JC.exe	41
PID 2704 wrote to memory of 1100	2704	9fed0ab71a623bc98a5d70be5952de36_JC.exe	41
PID 2704 wrote to memory of 1100	2704	9fed0ab71a623bc98a5d70be5952de36_JC.exe	41
PID 1276 wrote to memory of 1320	1276	9fed0ab71a623bc98a5d70be5952de36_JC.exe	43
PID 1276 wrote to memory of 1320	1276	9fed0ab71a623bc98a5d70be5952de36_JC.exe	43
PID 1276 wrote to memory of 1320	1276	9fed0ab71a623bc98a5d70be5952de36_JC.exe	43
PID 1276 wrote to memory of 1320	1276	9fed0ab71a623bc98a5d70be5952de36_JC.exe	43

C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
"C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        9⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        10⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        10⤵
        
        PID:20940
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        9⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        9⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        9⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        9⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:21256
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        9⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        9⤵
        
        PID:20924
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:14380
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        9⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:21320
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:21312
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:21264
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:20948
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:14436
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:584
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:20916
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:21288
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:20980
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:21356
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:21272
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:21228
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:21304
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:21340
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:11480
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:13092
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        9⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        9⤵
        
        PID:21168
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:20932
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:16724
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:11520
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16664
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16704
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:14456
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:15328
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13028
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10436
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:21332
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13600
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:16432
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:20956
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:20996
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:10836
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:21236
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:10208
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:13040
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:13916
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:8808
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:10900
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:16624
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:16692
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13084
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:10168
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:13768
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:20988
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:14428
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16640
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:21296
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:16632
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:21280
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:12276
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:16784
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:14356
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:11108
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:9696
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:15336
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:10364
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:15244
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:5888
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:8800
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:11448
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:13400
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:16508
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:12148
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10284
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:21244
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:16548
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:14364
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16656
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:16440
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:21004
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:10452
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:14472
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:6268
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:10184
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2636
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:11456
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5968
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:15292
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:21460
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:14520
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:10224
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:12988
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:5756
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:8776
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:10880
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:20908
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:16256
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:13336
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:6308
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:9168
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:14332
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  PID:2844
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:16524
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:6872
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:11464
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  PID:4296
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:7952
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:14512
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  PID:6292
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  PID:8760
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  PID:15316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\horse handjob hidden lady (Curtney).mpeg.exe

Filesize
706KB

MD5
c053ea2dc09616acd0ae24d35249142b

SHA1
a3be3d84ae2174393edff7e5b9b9a33e31e0f879

SHA256
cc5c6b762f6e7aa8af7ca13e82dabf0a55a1482cc8ad80394b636f79657a6c2e

SHA512
825fb1a0944b44fef3f84f8a9c5f64fdc6eac70c38640e1f994f059664b38d1444767002df58a5b74b6efab97f5b613f0a64b024faf226c401b9ca86889aafd5

Download Submit