74400de6b46d453421e9acd318fcb526161ed6cd24e686c5d76e7eb484388baf

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fed0ab71a623bc98a5d70be5952de36_JC.exe
Size

391KB
MD5

9fed0ab71a623bc98a5d70be5952de36
SHA1

ec7890cf759bc063046ca34fb5da4e3cb7743be2
SHA256

74400de6b46d453421e9acd318fcb526161ed6cd24e686c5d76e7eb484388baf
SHA512

a8e353736a14b6652d82fb579b391a319544409500c0eb3f3b9111b5fc5214b68b05435288ad6ff495049b165acd291433347113aabc6ffa69e63dacc6e0088d
SSDEEP

6144:zXC4vgmhbIxs3NBBcAKdmqxgXpv6geA9//BucEl5COt8Xwfq2CHa+yF07N8Y3+m8:zXCNi9Bejnx21zZBAvl+yqgj+5x3fe

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	9fed0ab71a623bc98a5d70be5952de36_JC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	9fed0ab71a623bc98a5d70be5952de36_JC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	9fed0ab71a623bc98a5d70be5952de36_JC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	9fed0ab71a623bc98a5d70be5952de36_JC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	9fed0ab71a623bc98a5d70be5952de36_JC.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9fed0ab71a623bc98a5d70be5952de36_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\E:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\I:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\J:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\O:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\R:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\V:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\Q:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\T:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\U:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\X:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\Y:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\L:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\N:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\S:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\W:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\Z:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\A:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\G:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\H:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\K:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\M:	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File opened (read-only)	\??\P:	9fed0ab71a623bc98a5d70be5952de36_JC.exe

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\canadian horse horse licking ash .mpeg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian trambling [bangbus] .mpeg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\japanese blowjob public .rar.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\xxx horse licking bondage .avi.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\spanish nude nude hidden titts femdom .rar.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese fucking fucking sleeping boobs bedroom .mpg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\spanish bukkake full movie wifey (Jade,Sonja).zip.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\fucking big feet black hairunshaved .zip.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\danish beastiality lingerie [milf] shower .zip.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\nude nude several models .rar.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american porn porn sleeping traffic .zip.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Google\Temp\swedish lingerie girls .rar.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Google\Update\Download\black lesbian beastiality full movie boobs (Curtney,Melissa).mpg.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files\Microsoft Office\root\Templates\gay beastiality licking ash (Kathrin).avi.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\chinese beastiality full movie (Sandy).rar.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish hardcore hardcore [bangbus] young (Christine).avi.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	9fed0ab71a623bc98a5d70be5952de36_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe
3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe
4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe
4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe
3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe
3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe
4988	9fed0ab71a623bc98a5d70be5952de36_JC.exe
4988	9fed0ab71a623bc98a5d70be5952de36_JC.exe
3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe
3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe
5008	9fed0ab71a623bc98a5d70be5952de36_JC.exe
5008	9fed0ab71a623bc98a5d70be5952de36_JC.exe
4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe
4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe
3696	9fed0ab71a623bc98a5d70be5952de36_JC.exe
3696	9fed0ab71a623bc98a5d70be5952de36_JC.exe
3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe
3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe
4988	9fed0ab71a623bc98a5d70be5952de36_JC.exe
4988	9fed0ab71a623bc98a5d70be5952de36_JC.exe
4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe
4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe
4884	9fed0ab71a623bc98a5d70be5952de36_JC.exe
4884	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1472	9fed0ab71a623bc98a5d70be5952de36_JC.exe
1472	9fed0ab71a623bc98a5d70be5952de36_JC.exe

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 3928 wrote to memory of 4976	3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe	83
PID 3928 wrote to memory of 4976	3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe	83
PID 3928 wrote to memory of 4976	3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe	83
PID 3928 wrote to memory of 4988	3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe	86
PID 3928 wrote to memory of 4988	3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe	86
PID 3928 wrote to memory of 4988	3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe	86
PID 4976 wrote to memory of 5008	4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe	87
PID 4976 wrote to memory of 5008	4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe	87
PID 4976 wrote to memory of 5008	4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe	87
PID 3928 wrote to memory of 3696	3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe	90
PID 3928 wrote to memory of 3696	3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe	90
PID 3928 wrote to memory of 3696	3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe	90
PID 4976 wrote to memory of 1472	4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe	91
PID 4976 wrote to memory of 1472	4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe	91
PID 4976 wrote to memory of 1472	4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe	91
PID 4988 wrote to memory of 4884	4988	9fed0ab71a623bc98a5d70be5952de36_JC.exe	92
PID 4988 wrote to memory of 4884	4988	9fed0ab71a623bc98a5d70be5952de36_JC.exe	92
PID 4988 wrote to memory of 4884	4988	9fed0ab71a623bc98a5d70be5952de36_JC.exe	92
PID 5008 wrote to memory of 1652	5008	9fed0ab71a623bc98a5d70be5952de36_JC.exe	93
PID 5008 wrote to memory of 1652	5008	9fed0ab71a623bc98a5d70be5952de36_JC.exe	93
PID 5008 wrote to memory of 1652	5008	9fed0ab71a623bc98a5d70be5952de36_JC.exe	93
PID 3928 wrote to memory of 2444	3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe	95
PID 3928 wrote to memory of 2444	3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe	95
PID 3928 wrote to memory of 2444	3928	9fed0ab71a623bc98a5d70be5952de36_JC.exe	95
PID 3696 wrote to memory of 1140	3696	9fed0ab71a623bc98a5d70be5952de36_JC.exe	96
PID 3696 wrote to memory of 1140	3696	9fed0ab71a623bc98a5d70be5952de36_JC.exe	96
PID 3696 wrote to memory of 1140	3696	9fed0ab71a623bc98a5d70be5952de36_JC.exe	96
PID 4988 wrote to memory of 3280	4988	9fed0ab71a623bc98a5d70be5952de36_JC.exe	97
PID 4988 wrote to memory of 3280	4988	9fed0ab71a623bc98a5d70be5952de36_JC.exe	97
PID 4988 wrote to memory of 3280	4988	9fed0ab71a623bc98a5d70be5952de36_JC.exe	97
PID 4976 wrote to memory of 3248	4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe	98
PID 4976 wrote to memory of 3248	4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe	98
PID 4976 wrote to memory of 3248	4976	9fed0ab71a623bc98a5d70be5952de36_JC.exe	98

C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
"C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4976
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:14020
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:12016
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10576
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:18464
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:11728
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:19240
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:19232
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:13608
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:14264
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:18472
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:18640
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13888
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:13568
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13880
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16880
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13980
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:17296
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:2680
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:624
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:13704
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:12240
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:3576
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5696
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:10892
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:14012
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4988
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        7⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13936
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:19252
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:14004
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:14372
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:11672
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:14176
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:708
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:9704
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:18648
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:12704
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:4032
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:9548
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:12908
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:11988
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5832
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:12504
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6904
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:10560
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:13792
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3696
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:18604
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13712
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:376
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:13696
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        6⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:13776
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:13720
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:14256
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:9900
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:13384
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5076
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:1844
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:10568
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:13800
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:14080
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:13524
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:13680
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:3724
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:12068
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:1932
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:10424
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:13748
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  PID:4580
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
        5⤵
        
        PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:14208
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:1632
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:2620
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:10040
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:13560
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:19224
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  PID:4852
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:12560
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:6624
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
      4⤵
      PID:5404
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:11632
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:14300
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  PID:5932
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:9556
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:12776
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:17352
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  PID:7364
- - C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
    3⤵
    PID:14324
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  PID:10016
- C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\9fed0ab71a623bc98a5d70be5952de36_JC.exe"
  2⤵
  PID:13532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese fucking fucking sleeping boobs bedroom .mpg.exe

Filesize
396KB

MD5
34b8f1ad6a53dcbb22cab29238e9117a

SHA1
bd9b37cf6f8540e8b82edd876355c2505a13ba83

SHA256
6c007214236cae905efaa5f86e2af436b7eb963a88c038060dc5846c9d1bca20

SHA512
217593d4b28f0807faf5631b7f38c08ea51c6421275c39ebfd937968aa84fb8576e0bd79c8ba01036a4661b8c9e7d907b7ad32ad7bf376af8744044e30b70a2c

Download Submit