ec972fff37a33a77b12acc445370efa9ddf228712755a3812502b5271eb3a8a1

Analysis

max time kernel
51s
max time network
129s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
Size

139KB
MD5

b8d59ebb4b01f4582abe174006cb8fc3
SHA1

f2214c63aaac05e5aee1cf60ea29ffb16070b748
SHA256

ec972fff37a33a77b12acc445370efa9ddf228712755a3812502b5271eb3a8a1
SHA512

d31b6d80197855a2dadcf28a0da223f968edf37d217cfc8ba60b9b92418e7e77ae5ad3973ba850b0dcb45df54b94155d5d2763d3c2ae7fd94905e0f776a34840
SSDEEP

1536:t1RVCaKgzbLc54hukfgvYnouy8vQf24Y5+9DECtjhOHjE+AH1Es3cuZ+OlQJFH8:t/jbLl/gvQoutvH4DVTUHAH1EBuok

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2420-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2420-3-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2420-5-0x0000000004840000-0x000000000485F000-memory.dmp	upx
behavioral1/memory/2700-6-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000016cd8-9.dat	upx
behavioral1/memory/2700-20-0x0000000004510000-0x000000000452F000-memory.dmp	upx
behavioral1/memory/2328-21-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2804-22-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2816-61-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2596-63-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/692-64-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\O:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\U:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\W:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\X:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\L:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\S:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\T:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\K:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\M:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\N:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\Q:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\R:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\A:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\G:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\I:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\V:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\Y:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\P:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\Z:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\B:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\H:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File opened (read-only)	\??\J:	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\russian animal bukkake masturbation glans mature .mpg.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\fucking uncut black hairunshaved (Kathrin,Liz).avi.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\danish cumshot trambling lesbian (Sylvia).zip.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\black kicking hardcore girls cock latex .mpeg.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\japanese cumshot beast [bangbus] ash .mpg.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\brasilian handjob gay [bangbus] titts .avi.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\gay licking high heels .rar.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\trambling uncut (Samantha).zip.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files (x86)\Google\Temp\swedish porn blowjob uncut (Janette).rar.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files (x86)\Google\Update\Download\beast licking hole boots .mpg.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\italian cum fucking several models (Jade).zip.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\brasilian cumshot sperm sleeping glans redhair (Tatjana).rar.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore lesbian cock .mpg.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\japanese fetish trambling hot (!) feet (Anniston,Melissa).rar.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish cum trambling several models feet high heels .zip.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\horse lesbian titts sm .rar.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish animal lesbian licking hole ash (Karin).avi.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Windows\mssrv.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian nude lingerie catfight cock penetration .mpeg.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore public cock femdom .mpeg.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\hardcore several models .rar.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\brasilian gang bang blowjob public cock hairy (Melissa).mpg.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\tyrkish horse sperm masturbation feet .mpeg.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese nude blowjob hot (!) feet .mpg.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\danish nude hardcore licking hole upskirt .zip.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese horse horse sleeping 50+ .rar.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\italian animal hardcore licking hole young (Jade).avi.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\fucking voyeur stockings .rar.exe	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2804	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2328	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2816	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2596	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
692	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2804	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2328	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
472	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1872	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2596	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1224	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1732	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2328	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2816	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1640	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2804	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1200	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1628	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2772	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
472	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2992	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
692	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
896	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2596	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2816	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1696	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1872	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1784	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2804	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
108	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2328	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
472	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2448	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1732	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1640	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1532	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2904	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1224	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2208	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
692	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1200	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1628	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2924	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1560	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1660	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
1660	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
828	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
828	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
396	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
396	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2012	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2012	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
2260	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2700	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	29
PID 2420 wrote to memory of 2700	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	29
PID 2420 wrote to memory of 2700	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	29
PID 2420 wrote to memory of 2700	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	29
PID 2420 wrote to memory of 2804	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	30
PID 2420 wrote to memory of 2804	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	30
PID 2420 wrote to memory of 2804	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	30
PID 2420 wrote to memory of 2804	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	30
PID 2700 wrote to memory of 2328	2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	31
PID 2700 wrote to memory of 2328	2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	31
PID 2700 wrote to memory of 2328	2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	31
PID 2700 wrote to memory of 2328	2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	31
PID 2804 wrote to memory of 2816	2804	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	32
PID 2804 wrote to memory of 2816	2804	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	32
PID 2804 wrote to memory of 2816	2804	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	32
PID 2804 wrote to memory of 2816	2804	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	32
PID 2700 wrote to memory of 692	2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	34
PID 2700 wrote to memory of 692	2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	34
PID 2700 wrote to memory of 692	2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	34
PID 2700 wrote to memory of 692	2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	34
PID 2328 wrote to memory of 2596	2328	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	35
PID 2328 wrote to memory of 2596	2328	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	35
PID 2328 wrote to memory of 2596	2328	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	35
PID 2328 wrote to memory of 2596	2328	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	35
PID 2420 wrote to memory of 472	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	33
PID 2420 wrote to memory of 472	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	33
PID 2420 wrote to memory of 472	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	33
PID 2420 wrote to memory of 472	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	33
PID 2596 wrote to memory of 1872	2596	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	36
PID 2596 wrote to memory of 1872	2596	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	36
PID 2596 wrote to memory of 1872	2596	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	36
PID 2596 wrote to memory of 1872	2596	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	36
PID 2700 wrote to memory of 1732	2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	43
PID 2700 wrote to memory of 1732	2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	43
PID 2700 wrote to memory of 1732	2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	43
PID 2700 wrote to memory of 1732	2700	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	43
PID 2328 wrote to memory of 1224	2328	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	42
PID 2328 wrote to memory of 1224	2328	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	42
PID 2328 wrote to memory of 1224	2328	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	42
PID 2328 wrote to memory of 1224	2328	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	42
PID 2816 wrote to memory of 1640	2816	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	41
PID 2816 wrote to memory of 1640	2816	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	41
PID 2816 wrote to memory of 1640	2816	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	41
PID 2816 wrote to memory of 1640	2816	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	41
PID 2804 wrote to memory of 1200	2804	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	37
PID 2804 wrote to memory of 1200	2804	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	37
PID 2804 wrote to memory of 1200	2804	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	37
PID 2804 wrote to memory of 1200	2804	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	37
PID 2420 wrote to memory of 2772	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	40
PID 2420 wrote to memory of 2772	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	40
PID 2420 wrote to memory of 2772	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	40
PID 2420 wrote to memory of 2772	2420	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	40
PID 472 wrote to memory of 1628	472	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	38
PID 472 wrote to memory of 1628	472	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	38
PID 472 wrote to memory of 1628	472	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	38
PID 472 wrote to memory of 1628	472	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	38
PID 692 wrote to memory of 2992	692	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	39
PID 692 wrote to memory of 2992	692	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	39
PID 692 wrote to memory of 2992	692	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	39
PID 692 wrote to memory of 2992	692	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	39
PID 2596 wrote to memory of 896	2596	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	44
PID 2596 wrote to memory of 896	2596	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	44
PID 2596 wrote to memory of 896	2596	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	44
PID 2596 wrote to memory of 896	2596	NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe	44

C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        9⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:13396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:15576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:14156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10788
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:12560
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:16024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:14672
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:15692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:15628
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:14212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:9672
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:14712
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:692
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:15940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:13216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:15396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:15772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:15476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:10804
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:14280
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:13364
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:10724
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:15672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:8876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:15680
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:14780
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:6876
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:12552
- C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        8⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:14664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:13380
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:17472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:15484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:15824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:16000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:10944
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:14300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:15876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:13296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:15544
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:15884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:13280
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:14272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:15384
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:15568
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:13304
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:14084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:7408
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:15640
- C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:472
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        7⤵
        
        PID:13956
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10732
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:14704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:7480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:15832
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:10708
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:13992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:15404
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:9656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:14656
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:15620
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:6412
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:9488
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:13288
- C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2772
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        6⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:15932
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:15536
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:12496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:10748
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:15952
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:15708
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:7676
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:15412
- C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:15844
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
        5⤵
        
        PID:13412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:10184
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:14140
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:6368
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:9688
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:14696
- C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
  2⤵
  PID:1672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
      4⤵
      PID:14764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:5756
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:9700
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:14116
- C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
  2⤵
  PID:3500
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:6220
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:10676
- C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
  2⤵
  PID:4920
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:9568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
    3⤵
    PID:14744
- C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
  2⤵
  PID:7472
- C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b8d59ebb4b01f4582abe174006cb8fc3_JC.exe"
  2⤵
  PID:15816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\swedish cum trambling several models feet high heels .zip.exe

Filesize
1.8MB

MD5
cf72273f3448acd5e742a0aa33bf96a2

SHA1
3f1c4fea20ef3b7d34f12885525116c9c05cae11

SHA256
070226e73415209204ec944ecfd02d44810bcb1e836a18939d9655c2fd750ede

SHA512
cb89c7be7a1527fe9b6c2d8cbf0622b04d4336c5c3d812dff3ae51349e2a85ed776fb0a0af8e8dd9b5abe6269ffe0755bd668dda28e2d25fdaf49400429406e3

Download Submit
memory/692-64-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2328-21-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2420-3-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2420-5-0x0000000004840000-0x000000000485F000-memory.dmp

Filesize
124KB

Download
memory/2420-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2596-63-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2700-6-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2700-62-0x0000000004A50000-0x0000000004A6F000-memory.dmp

Filesize
124KB

Download
memory/2700-20-0x0000000004510000-0x000000000452F000-memory.dmp

Filesize
124KB

Download
memory/2804-22-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2804-60-0x00000000043F0000-0x000000000440F000-memory.dmp

Filesize
124KB

Download
memory/2816-61-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download