86351eb7015f9df74527a1137e2c73a0191a7589e201878cbc417bbc2421d35c

Analysis

max time kernel
150s
max time network
135s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21-10-2023 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
Size

2.0MB
MD5

9e4cdf3b06129b28f993cd524266672c
SHA1

1042795ab154b54d6431df8b584692a73cd81ca9
SHA256

86351eb7015f9df74527a1137e2c73a0191a7589e201878cbc417bbc2421d35c
SHA512

581561a195c6c3f92007758d2bcca6b62adea3a52d018afb932a9d4682bad4a9818d68e8a417cca15c92cdae98ce6af6eb668ec370f5e0463abf59ab46d20886
SSDEEP

49152:y/cQRXY27yZ7AMBoInUnwYlYAnjI+ujcxr6bN3PBfIrHMj1Hb:e9o27HgoI6wYlYAnjiigPhIzMj1Hb

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3060-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0008000000015cb7-5.dat	upx
behavioral1/memory/3032-62-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3028-64-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3060-65-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2856-82-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1888-83-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2928-85-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1684-86-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1936-96-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3032-95-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/268-100-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/588-101-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1688-99-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1868-97-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2900-102-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2336-104-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3060-105-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1936-106-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1868-107-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2976-108-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1688-111-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/268-112-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2376-113-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/696-116-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/588-115-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1480-118-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2336-120-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1816-121-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1244-122-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1820-123-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1116-124-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1876-125-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1640-126-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2940-129-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2392-128-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2296-132-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/844-133-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2112-135-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2420-137-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2016-138-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/628-139-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/636-140-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/828-141-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1816-142-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1244-143-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/844-145-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2720-146-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2952-147-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2540-148-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2872-149-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\E:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\K:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\L:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\S:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\Y:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\W:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\G:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\H:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\P:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\Q:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\U:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\V:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\N:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\O:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\X:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\Z:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\B:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\I:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\J:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\M:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\R:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File opened (read-only)	\??\T:	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\french gang bang cumshot uncut (Tatjana).zip.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\SysWOW64\IME\shared\african hardcore gang bang lesbian (Christine,Karin).mpg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\french blowjob masturbation .zip.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish lingerie action [free] boots (Britney,Samantha).mpeg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\SysWOW64\FxsTmp\nude [bangbus] mistress (Sarah).mpeg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\american lingerie catfight balls .mpg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\chinese blowjob trambling [bangbus] .zip.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\african fucking catfight .avi.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\SysWOW64\FxsTmp\blowjob several models .mpeg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish gay horse lesbian .mpg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\danish sperm horse masturbation .mpg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian sperm uncut nipples upskirt .rar.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\asian lingerie several models glans .rar.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian lesbian hardcore lesbian granny (Kathrin,Sandy).avi.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files (x86)\Google\Temp\bukkake [free] cock 50+ .avi.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files (x86)\Google\Update\Download\kicking full movie .avi.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\sperm sperm [free] gorgeoushorny (Tatjana).zip.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\african beast [free] castration .mpg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\black gay voyeur boobs wifey .avi.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files\DVD Maker\Shared\gay sleeping hole (Sandy).mpeg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\cumshot uncut boobs swallow (Tatjana,Britney).avi.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\action hot (!) hotel .mpg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\malaysia blowjob cumshot hot (!) 50+ .mpeg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\beast hidden legs sweet .mpg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Program Files\Windows Journal\Templates\xxx blowjob uncut gorgeoushorny .mpg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe

Drops file in Windows directory 35 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\horse [free] feet Ôë (Kathrin).zip.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\horse fucking [free] .mpeg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\indian cumshot big wifey .rar.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish sperm full movie granny .zip.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\handjob [milf] .zip.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\russian gang bang gang bang sleeping femdom .mpeg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\SoftwareDistribution\Download\malaysia handjob animal full movie young .rar.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\horse kicking girls 50+ .mpg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\french blowjob horse public nipples 40+ (Sonja).rar.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\asian porn [bangbus] .avi.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\temp\beast horse hidden .avi.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\PLA\Templates\italian hardcore [milf] cock black hairunshaved .zip.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse horse big vagina femdom .rar.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\bukkake horse girls ejaculation .mpg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\brasilian nude fucking [free] (Sonja).avi.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\norwegian nude kicking catfight femdom .mpeg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\black horse uncut boobs .zip.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish kicking cumshot big high heels .mpg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\french bukkake horse voyeur .zip.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\canadian lesbian hot (!) nipples ¼ç (Sarah).avi.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\spanish porn public cock leather .rar.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\tmp\malaysia fucking [milf] .mpeg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian cumshot fucking catfight (Tatjana).rar.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian action lesbian [milf] femdom .rar.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\norwegian lesbian voyeur boobs pregnant .mpeg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\action catfight gorgeoushorny .mpeg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\mssrv.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\german beastiality [milf] pregnant .rar.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\xxx horse licking (Janette,Sonja).zip.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\security\templates\action sperm voyeur (Anniston,Samantha).rar.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\cumshot catfight young (Anniston,Ashley).mpeg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\african cum porn masturbation vagina stockings (Jenna).rar.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\Downloaded Program Files\swedish lesbian masturbation penetration .mpeg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\black hardcore beast [milf] vagina .zip.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\blowjob beast public legs blondie .mpg.exe	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 41 IoCs

pid	Process
3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
3032	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
3028	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2900	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2928	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
1888	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
3032	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
3028	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
1684	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
1936	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
1868	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2900	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
1888	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
3032	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
588	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
1688	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
3028	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2928	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
268	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
1480	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
696	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2336	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
1684	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
1640	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2976	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
1936	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2376	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
1868	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2900	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
1888	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2296	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2420	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
2016	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2856	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	28
PID 3060 wrote to memory of 2856	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	28
PID 3060 wrote to memory of 2856	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	28
PID 3060 wrote to memory of 2856	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	28
PID 2856 wrote to memory of 3032	2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	29
PID 2856 wrote to memory of 3032	2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	29
PID 2856 wrote to memory of 3032	2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	29
PID 2856 wrote to memory of 3032	2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	29
PID 3060 wrote to memory of 3028	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	30
PID 3060 wrote to memory of 3028	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	30
PID 3060 wrote to memory of 3028	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	30
PID 3060 wrote to memory of 3028	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	30
PID 3032 wrote to memory of 2900	3032	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	31
PID 3032 wrote to memory of 2900	3032	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	31
PID 3032 wrote to memory of 2900	3032	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	31
PID 3032 wrote to memory of 2900	3032	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	31
PID 3028 wrote to memory of 2928	3028	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	32
PID 3028 wrote to memory of 2928	3028	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	32
PID 3028 wrote to memory of 2928	3028	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	32
PID 3028 wrote to memory of 2928	3028	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	32
PID 2856 wrote to memory of 1888	2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	33
PID 2856 wrote to memory of 1888	2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	33
PID 2856 wrote to memory of 1888	2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	33
PID 2856 wrote to memory of 1888	2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	33
PID 3060 wrote to memory of 1684	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	34
PID 3060 wrote to memory of 1684	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	34
PID 3060 wrote to memory of 1684	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	34
PID 3060 wrote to memory of 1684	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	34
PID 2900 wrote to memory of 1936	2900	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	35
PID 2900 wrote to memory of 1936	2900	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	35
PID 2900 wrote to memory of 1936	2900	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	35
PID 2900 wrote to memory of 1936	2900	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	35
PID 3032 wrote to memory of 1868	3032	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	36
PID 3032 wrote to memory of 1868	3032	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	36
PID 3032 wrote to memory of 1868	3032	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	36
PID 3032 wrote to memory of 1868	3032	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	36
PID 1888 wrote to memory of 1688	1888	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	41
PID 1888 wrote to memory of 1688	1888	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	41
PID 1888 wrote to memory of 1688	1888	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	41
PID 1888 wrote to memory of 1688	1888	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	41
PID 3028 wrote to memory of 588	3028	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	40
PID 3028 wrote to memory of 588	3028	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	40
PID 3028 wrote to memory of 588	3028	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	40
PID 3028 wrote to memory of 588	3028	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	40
PID 2856 wrote to memory of 268	2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	39
PID 2856 wrote to memory of 268	2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	39
PID 2856 wrote to memory of 268	2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	39
PID 2856 wrote to memory of 268	2856	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	39
PID 2928 wrote to memory of 696	2928	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	38
PID 2928 wrote to memory of 696	2928	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	38
PID 2928 wrote to memory of 696	2928	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	38
PID 2928 wrote to memory of 696	2928	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	38
PID 3060 wrote to memory of 1480	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	37
PID 3060 wrote to memory of 1480	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	37
PID 3060 wrote to memory of 1480	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	37
PID 3060 wrote to memory of 1480	3060	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	37
PID 1684 wrote to memory of 2336	1684	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	42
PID 1684 wrote to memory of 2336	1684	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	42
PID 1684 wrote to memory of 2336	1684	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	42
PID 1684 wrote to memory of 2336	1684	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	42
PID 1936 wrote to memory of 1640	1936	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	43
PID 1936 wrote to memory of 1640	1936	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	43
PID 1936 wrote to memory of 1640	1936	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	43
PID 1936 wrote to memory of 1640	1936	NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe	43

C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        9⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        9⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        9⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        9⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        9⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        9⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        9⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        9⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:17596
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:17760
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:16200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        9⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:15060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:18156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:16640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:10320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:13648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:7820
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:15944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:17768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:15964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:10688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:14976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:13612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:7956
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:13628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:17232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:9324
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:15012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:15680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:17752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:9380
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:16344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:17184
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:14996
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:5260
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:7732
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:10704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:17504
- C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        8⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:15116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:17880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:13564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:10696
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:16284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:9656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:8568
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:17904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:8980
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:10664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:8376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:14448
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:17196
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:5284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:7908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:13460
- C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1684
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        7⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:15048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:14964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:8536
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:16652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:9300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:13596
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:15100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:15092
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:9912
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:15720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:5568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:7932
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:13712
- C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1480
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:10616
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:9004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:14304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:9392
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        6⤵
        
        PID:16724
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:14588
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:5576
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:7804
- C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
  2⤵
  PID:828
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
        5⤵
        
        PID:17332
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:13580
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:13548
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:6532
- C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
  2⤵
  PID:2952
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
      4⤵
      PID:10296
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:5392
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:8816
- C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
  2⤵
  PID:3664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:6736
- C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
  2⤵
  PID:5096
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:13636
- C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
  2⤵
  PID:6620
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
    3⤵
    PID:11008
- C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9e4cdf3b06129b28f993cd524266672c_JC.exe"
  2⤵
  PID:11060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\cumshot uncut boobs swallow (Tatjana,Britney).avi.exe

Filesize
202KB

MD5
55e00b18085d0a712c6d5b4f6b11a07a

SHA1
668c1b30df3d2c1910b41c1d2fa7c914da8a959a

SHA256
af1ee83ae2026ee890991272468b7218caa77c5c723357925c91dad328b2c282

SHA512
ecff96b96dfe3f4cab071d661355fd639ab194c9f82dc09a6f5c16c1c009c30aa93b118b165afa6c8b9d9e64fdeb9c1c2063dbcc16c1155e188bb87c6d7c319f

Download Submit
memory/268-100-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/268-112-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/588-115-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/588-101-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/628-139-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/636-140-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/696-116-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/696-127-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/828-141-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/844-133-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/844-145-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1116-124-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1244-122-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1244-143-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1480-118-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1640-126-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1684-86-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1684-103-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/1688-99-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1688-111-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1816-142-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1816-121-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1820-123-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1868-107-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1868-97-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1876-125-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1888-109-0x00000000045D0000-0x00000000045EF000-memory.dmp

Filesize
124KB

Download
memory/1888-131-0x00000000045D0000-0x00000000045EF000-memory.dmp

Filesize
124KB

Download
memory/1888-83-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1888-114-0x0000000004580000-0x000000000459F000-memory.dmp

Filesize
124KB

Download
memory/1936-134-0x0000000004530000-0x000000000454F000-memory.dmp

Filesize
124KB

Download
memory/1936-96-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1936-106-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2016-138-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2112-135-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2296-132-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2336-120-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2336-104-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2376-144-0x0000000004820000-0x000000000483F000-memory.dmp

Filesize
124KB

Download
memory/2376-113-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2392-128-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2420-137-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2540-148-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2720-146-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2856-82-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2872-149-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2900-102-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2928-85-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2940-129-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2952-147-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2976-108-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3028-64-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3028-136-0x0000000001EE0000-0x0000000001EFF000-memory.dmp

Filesize
124KB

Download
memory/3028-119-0x0000000001EE0000-0x0000000001EFF000-memory.dmp

Filesize
124KB

Download
memory/3032-95-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3032-81-0x0000000004430000-0x000000000444F000-memory.dmp

Filesize
124KB

Download
memory/3032-110-0x0000000004920000-0x000000000493F000-memory.dmp

Filesize
124KB

Download
memory/3032-117-0x0000000004920000-0x000000000493F000-memory.dmp

Filesize
124KB

Download
memory/3032-62-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3032-98-0x0000000004430000-0x000000000444F000-memory.dmp

Filesize
124KB

Download
memory/3060-65-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3060-63-0x0000000005810000-0x000000000582F000-memory.dmp

Filesize
124KB

Download
memory/3060-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3060-105-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3060-84-0x0000000005810000-0x000000000582F000-memory.dmp

Filesize
124KB

Download