a497aadae9391ade5a03102288afe12e0bc05663fb73f4693797dcd0e25ede61

Analysis

max time kernel
32s
max time network
147s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21/10/2023, 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
Size

1.9MB
MD5

f6f41ccb0688968537c0b8aa31bc4cb5
SHA1

16180b89455533ab3aaff4963241e05005c6cca6
SHA256

a497aadae9391ade5a03102288afe12e0bc05663fb73f4693797dcd0e25ede61
SHA512

97fcefeeb6029e666d15cce8a5a68c9f69e96f039f14fcc30b87fbe33985e77fcd6e5003b25f5e8d0e74a5c57251ce3f2a01fdb3399e59ba5b65ae6875854359
SSDEEP

49152:dKQD3rbiPnHCyVmRGhcEtEkbU4PHDRmpdUG7ds:dfjviPnHCyqU91jRmpdM

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 47 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2796-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2796-3-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2796-4-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000015622-7.dat	upx
behavioral1/memory/2956-55-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1916-69-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1060-70-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/456-72-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1368-73-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2796-74-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2844-75-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/524-78-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/676-79-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/308-80-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/588-81-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1728-82-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2664-84-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1580-83-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/876-85-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2784-86-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2172-88-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2168-89-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2788-90-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3012-91-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1904-92-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1916-94-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1904-98-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3008-100-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2404-102-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/396-103-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/680-104-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2504-106-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1524-108-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1220-109-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1692-110-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2416-111-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2392-113-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1944-114-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2356-117-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1452-118-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1220-119-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2428-120-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2400-121-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1608-122-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1712-124-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2864-127-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2820-128-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\E:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\I:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\N:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\Z:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\V:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\X:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\G:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\J:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\O:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\S:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\T:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\U:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\Y:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\B:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\L:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\M:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\Q:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\R:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\W:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\H:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\K:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File opened (read-only)	\??\P:	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\brasilian gang bang lesbian masturbation titts .mpeg.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian action gay [bangbus] glans leather .avi.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\russian nude lesbian big hairy .mpeg.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\blowjob lesbian latex .rar.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files\Windows Journal\Templates\hardcore girls mature .rar.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\black gang bang gay uncut hole femdom .mpg.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files (x86)\Google\Update\Download\bukkake several models glans .avi.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\russian gang bang sperm licking traffic .mpeg.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\italian fetish blowjob several models hole .zip.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black gang bang gay hot (!) feet .rar.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\russian porn horse [free] hairy .avi.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black kicking lesbian [free] .zip.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\blowjob voyeur hole sweet (Tatjana).zip.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files (x86)\Google\Temp\italian horse sperm full movie .mpg.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\swedish action horse big (Melissa).zip.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe

Drops file in Windows directory 18 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\fucking sleeping boots .avi.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\tmp\xxx masturbation (Jade).rar.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish cum gay [bangbus] shower .rar.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\brasilian handjob bukkake public titts .mpeg.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\beast [bangbus] boots .rar.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\indian nude fucking girls ash (Sandy,Karin).zip.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\sperm sleeping hole blondie .mpeg.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\brasilian animal hardcore voyeur titts .mpeg.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\blowjob public shoes .avi.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\Downloaded Program Files\italian kicking fucking several models pregnant .mpeg.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\mssrv.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\swedish handjob xxx lesbian blondie (Anniston,Karin).avi.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese beastiality blowjob licking bedroom .rar.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian animal horse lesbian .mpg.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\temp\italian handjob sperm masturbation swallow .rar.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\italian handjob gay big titts .avi.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian nude fucking voyeur sm .rar.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\black porn xxx sleeping penetration .rar.exe	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2784	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2956	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1916	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
456	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2956	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1368	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1060	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2784	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
308	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2664	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2956	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
588	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
524	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1916	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
676	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
876	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
456	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2784	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1728	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1368	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1580	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1060	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2172	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2168	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2956	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1916	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2664	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2788	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
3012	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
308	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
3008	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1904	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2404	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2404	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
396	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
396	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
680	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
680	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2504	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2504	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1524	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1524	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2416	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2416	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2784	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2784	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1060	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1060	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
456	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
456	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2392	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
2392	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
1368	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 2844	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	28
PID 2796 wrote to memory of 2844	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	28
PID 2796 wrote to memory of 2844	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	28
PID 2796 wrote to memory of 2844	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	28
PID 2844 wrote to memory of 2784	2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	31
PID 2844 wrote to memory of 2784	2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	31
PID 2844 wrote to memory of 2784	2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	31
PID 2844 wrote to memory of 2784	2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	31
PID 2796 wrote to memory of 2956	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	32
PID 2796 wrote to memory of 2956	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	32
PID 2796 wrote to memory of 2956	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	32
PID 2796 wrote to memory of 2956	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	32
PID 2784 wrote to memory of 456	2784	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	33
PID 2784 wrote to memory of 456	2784	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	33
PID 2784 wrote to memory of 456	2784	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	33
PID 2784 wrote to memory of 456	2784	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	33
PID 2956 wrote to memory of 1916	2956	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	34
PID 2956 wrote to memory of 1916	2956	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	34
PID 2956 wrote to memory of 1916	2956	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	34
PID 2956 wrote to memory of 1916	2956	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	34
PID 2796 wrote to memory of 1060	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	36
PID 2796 wrote to memory of 1060	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	36
PID 2796 wrote to memory of 1060	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	36
PID 2796 wrote to memory of 1060	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	36
PID 2844 wrote to memory of 1368	2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	35
PID 2844 wrote to memory of 1368	2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	35
PID 2844 wrote to memory of 1368	2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	35
PID 2844 wrote to memory of 1368	2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	35
PID 2956 wrote to memory of 2664	2956	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	44
PID 2956 wrote to memory of 2664	2956	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	44
PID 2956 wrote to memory of 2664	2956	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	44
PID 2956 wrote to memory of 2664	2956	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	44
PID 456 wrote to memory of 308	456	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	37
PID 456 wrote to memory of 308	456	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	37
PID 456 wrote to memory of 308	456	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	37
PID 456 wrote to memory of 308	456	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	37
PID 1916 wrote to memory of 524	1916	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	43
PID 1916 wrote to memory of 524	1916	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	43
PID 1916 wrote to memory of 524	1916	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	43
PID 1916 wrote to memory of 524	1916	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	43
PID 2796 wrote to memory of 588	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	42
PID 2796 wrote to memory of 588	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	42
PID 2796 wrote to memory of 588	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	42
PID 2796 wrote to memory of 588	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	42
PID 2844 wrote to memory of 676	2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	39
PID 2844 wrote to memory of 676	2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	39
PID 2844 wrote to memory of 676	2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	39
PID 2844 wrote to memory of 676	2844	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	39
PID 2784 wrote to memory of 876	2784	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	38
PID 2784 wrote to memory of 876	2784	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	38
PID 2784 wrote to memory of 876	2784	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	38
PID 2784 wrote to memory of 876	2784	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	38
PID 1368 wrote to memory of 1728	1368	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	40
PID 1368 wrote to memory of 1728	1368	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	40
PID 1368 wrote to memory of 1728	1368	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	40
PID 1368 wrote to memory of 1728	1368	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	40
PID 1060 wrote to memory of 1580	1060	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	41
PID 1060 wrote to memory of 1580	1060	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	41
PID 1060 wrote to memory of 1580	1060	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	41
PID 1060 wrote to memory of 1580	1060	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	41
PID 2796 wrote to memory of 2172	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	45
PID 2796 wrote to memory of 2172	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	45
PID 2796 wrote to memory of 2172	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	45
PID 2796 wrote to memory of 2172	2796	NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe	45

C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        9⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        10⤵
        
        PID:16744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        9⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        9⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        9⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        9⤵
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        9⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:16336
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15784
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:15920
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:10852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16400
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16096
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:14500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:7620
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16328
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:14652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:7888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:14636
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:676
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:12508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:12328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15584
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:11904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16516
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:14508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15712
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:12320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:11888
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:16468
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:10524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:17028
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:15380
- C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:11920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:16352
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        8⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:12348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:16844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15240
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:12516
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15340
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16556
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:9760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15840
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:16456
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15944
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15428
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:5620
- C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1060
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        7⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15260
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:14560
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:11948
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:12364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:16176
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:12572
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15152
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:16072
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:15216
- C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:588
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:14612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:11372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16360
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:928
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:16564
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:16120
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:10428
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:16376
- C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        6⤵
        
        PID:15680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:15444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15276
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
        5⤵
        
        PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:10476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:16704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15616
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:16540
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:14572
- C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
  2⤵
  PID:1692
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:2988
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15800
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:16736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:16496
- C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
  2⤵
  PID:3348
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:16264
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:15600
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:16304
- C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
  2⤵
  PID:4612
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
      4⤵
      PID:16728
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:16112
- C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
  2⤵
  PID:7216
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
    3⤵
    PID:16424
- C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f6f41ccb0688968537c0b8aa31bc4cb5_JC.exe"
  2⤵
  PID:14684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\black gang bang gay uncut hole femdom .mpg.exe

Filesize
581KB

MD5
8ad642691166fceda96adce1eba2a36a

SHA1
3b521b51c4007555b5fb5b4b5f2e4f7d9ae44fe1

SHA256
936126636b0e365d5aa64ef9e3c30abba6aa9282ec033ebe5331d02d835d0011

SHA512
7d583209e925f58bb13c3482edcc8ccc1bbc5a64aeae51a8376a54929cd5576b01a91272de51a1a3f538f3aad67fe44a0ec5c967a7282274fa303c912a570363

Download Submit
memory/308-126-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/308-115-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/308-80-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/396-103-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/456-72-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/456-96-0x0000000001E80000-0x0000000001E9F000-memory.dmp

Filesize
124KB

Download
memory/456-77-0x0000000001E80000-0x0000000001E9F000-memory.dmp

Filesize
124KB

Download
memory/524-99-0x0000000004680000-0x000000000469F000-memory.dmp

Filesize
124KB

Download
memory/524-78-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/588-81-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/676-79-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/680-104-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/876-85-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1060-70-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1220-109-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1220-119-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1368-73-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1368-101-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/1452-118-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1524-108-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1580-105-0x00000000045C0000-0x00000000045DF000-memory.dmp

Filesize
124KB

Download
memory/1580-83-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1608-122-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1692-110-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1712-124-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1728-82-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1728-116-0x00000000045C0000-0x00000000045DF000-memory.dmp

Filesize
124KB

Download
memory/1904-98-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1904-92-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1904-125-0x0000000002000000-0x000000000201F000-memory.dmp

Filesize
124KB

Download
memory/1916-94-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1916-69-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1944-114-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2168-89-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2172-88-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2356-117-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2392-113-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2400-121-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2404-102-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2416-111-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2428-120-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2504-106-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2664-84-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2784-86-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2784-93-0x0000000004A40000-0x0000000004A5F000-memory.dmp

Filesize
124KB

Download
memory/2784-68-0x0000000004A40000-0x0000000004A5F000-memory.dmp

Filesize
124KB

Download
memory/2788-90-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2796-74-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2796-3-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2796-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2796-54-0x0000000004720000-0x000000000473F000-memory.dmp

Filesize
124KB

Download
memory/2796-87-0x0000000004720000-0x000000000473F000-memory.dmp

Filesize
124KB

Download
memory/2796-71-0x0000000004710000-0x000000000472F000-memory.dmp

Filesize
124KB

Download
memory/2796-4-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2820-128-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2844-76-0x0000000004900000-0x000000000491F000-memory.dmp

Filesize
124KB

Download
memory/2844-112-0x0000000004920000-0x000000000493F000-memory.dmp

Filesize
124KB

Download
memory/2844-75-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2844-53-0x0000000004900000-0x000000000491F000-memory.dmp

Filesize
124KB

Download
memory/2864-127-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2956-95-0x0000000004580000-0x000000000459F000-memory.dmp

Filesize
124KB

Download
memory/2956-55-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2956-97-0x0000000004A60000-0x0000000004A7F000-memory.dmp

Filesize
124KB

Download
memory/3008-123-0x0000000004900000-0x000000000491F000-memory.dmp

Filesize
124KB

Download
memory/3008-100-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3012-91-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download