776b866d233786b85d01e8f7467899540f07b413122fbf4cf137d293c6453a5d

Analysis

max time kernel
20s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
Size

1.6MB
MD5

1c2c15ea0f3027c529d2b73bc2449c64
SHA1

58fca125d480c014588d77418aedc81a954e2003
SHA256

776b866d233786b85d01e8f7467899540f07b413122fbf4cf137d293c6453a5d
SHA512

ab25b0e6159c9c1b105c49260f3a00dc3f19d59f6c131471bdc6d17b014502fd9b64993e41ba5518a05d2fda62582e1f8c9240659f1dd363874cdca6c4cd6f93
SSDEEP

49152:Tp02/guZ9BbiiInyZWpjUQj54dns/FI2spgD6qqPTrWHE73WvS:T1I+TQmQtKaFxspFPTl7h

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2124-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000016ba2-5.dat	upx
behavioral1/memory/2716-29-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2124-57-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2508-59-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2716-62-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2500-63-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2396-66-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/544-67-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2472-69-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/700-68-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2852-71-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2860-72-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1636-74-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2764-76-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1668-75-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1644-73-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\Q:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\U:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\W:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\Z:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\B:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\G:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\N:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\R:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\S:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\T:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\X:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\Y:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\A:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\E:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\J:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\K:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\M:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\H:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\I:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\L:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\P:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File opened (read-only)	\??\V:	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\norwegian handjob beast [free] feet ìï .mpg.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files\DVD Maker\Shared\asian xxx voyeur ìï .avi.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\indian trambling big shoes .avi.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\german lesbian fucking lesbian swallow .zip.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\hardcore porn voyeur bondage .rar.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\asian fucking cum big nipples (Samantha,Sylvia).rar.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\hardcore beast hidden legs upskirt .avi.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\black cumshot [milf] .avi.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\asian fucking blowjob [free] (Anniston).mpeg.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files (x86)\Google\Update\Download\beast beastiality [milf] .zip.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\tyrkish trambling gang bang [bangbus] .avi.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\gay masturbation 50+ .rar.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files\Windows Journal\Templates\danish kicking porn catfight .rar.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\french nude handjob sleeping titts circumcision .avi.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Program Files (x86)\Google\Temp\fucking [bangbus] .mpeg.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe

Drops file in Windows directory 19 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\asian sperm action [free] glans .mpeg.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\cum [milf] shoes .avi.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\italian horse beast girls legs (Sarah,Kathrin).rar.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\german animal big leather .mpeg.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\lesbian xxx [milf] circumcision (Sonja,Samantha).mpg.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\mssrv.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\german porn hot (!) femdom .zip.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\spanish hardcore handjob hot (!) Ôë .mpeg.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\cumshot licking .zip.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\gay lesbian redhair .mpg.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\temp\norwegian action big lady .avi.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\Downloaded Program Files\german horse hot (!) titts .zip.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\malaysia kicking masturbation (Anniston,Tatjana).mpg.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\norwegian xxx kicking masturbation leather .mpeg.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\black cumshot cumshot [milf] .avi.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\tmp\russian horse catfight redhair .mpg.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\horse hot (!) feet mistress .mpg.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\action licking stockings (Janette,Liz).mpg.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\horse lesbian full movie black hairunshaved .rar.exe	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 61 IoCs

pid	Process
2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2508	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2500	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2396	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2472	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
544	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
700	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2508	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2500	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2852	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2860	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2472	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2396	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
1644	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
1636	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2764	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
544	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
1668	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2256	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2500	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2508	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
1756	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
700	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2548	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2852	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2808	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
3040	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2472	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
1096	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2860	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2972	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2396	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
1644	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
1628	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
544	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2500	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2300	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2508	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2304	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2932	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
1668	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2256	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2916	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
1636	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2764	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2668	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2164	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2928	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2184	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
1556	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2716	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	28
PID 2124 wrote to memory of 2716	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	28
PID 2124 wrote to memory of 2716	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	28
PID 2124 wrote to memory of 2716	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	28
PID 2124 wrote to memory of 2500	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	30
PID 2124 wrote to memory of 2500	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	30
PID 2124 wrote to memory of 2500	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	30
PID 2124 wrote to memory of 2500	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	30
PID 2716 wrote to memory of 2508	2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	29
PID 2716 wrote to memory of 2508	2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	29
PID 2716 wrote to memory of 2508	2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	29
PID 2716 wrote to memory of 2508	2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	29
PID 2508 wrote to memory of 2396	2508	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	32
PID 2508 wrote to memory of 2396	2508	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	32
PID 2508 wrote to memory of 2396	2508	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	32
PID 2508 wrote to memory of 2396	2508	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	32
PID 2500 wrote to memory of 2472	2500	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	31
PID 2500 wrote to memory of 2472	2500	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	31
PID 2500 wrote to memory of 2472	2500	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	31
PID 2500 wrote to memory of 2472	2500	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	31
PID 2124 wrote to memory of 544	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	33
PID 2124 wrote to memory of 544	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	33
PID 2124 wrote to memory of 544	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	33
PID 2124 wrote to memory of 544	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	33
PID 2716 wrote to memory of 700	2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	34
PID 2716 wrote to memory of 700	2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	34
PID 2716 wrote to memory of 700	2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	34
PID 2716 wrote to memory of 700	2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	34
PID 2396 wrote to memory of 2852	2396	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	36
PID 2396 wrote to memory of 2852	2396	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	36
PID 2396 wrote to memory of 2852	2396	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	36
PID 2396 wrote to memory of 2852	2396	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	36
PID 2472 wrote to memory of 2860	2472	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	35
PID 2472 wrote to memory of 2860	2472	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	35
PID 2472 wrote to memory of 2860	2472	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	35
PID 2472 wrote to memory of 2860	2472	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	35
PID 544 wrote to memory of 1644	544	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	37
PID 544 wrote to memory of 1644	544	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	37
PID 544 wrote to memory of 1644	544	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	37
PID 544 wrote to memory of 1644	544	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	37
PID 2500 wrote to memory of 1636	2500	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	42
PID 2500 wrote to memory of 1636	2500	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	42
PID 2500 wrote to memory of 1636	2500	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	42
PID 2500 wrote to memory of 1636	2500	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	42
PID 2716 wrote to memory of 1668	2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	41
PID 2716 wrote to memory of 1668	2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	41
PID 2716 wrote to memory of 1668	2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	41
PID 2716 wrote to memory of 1668	2716	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	41
PID 2124 wrote to memory of 2764	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	40
PID 2124 wrote to memory of 2764	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	40
PID 2124 wrote to memory of 2764	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	40
PID 2124 wrote to memory of 2764	2124	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	40
PID 2508 wrote to memory of 2256	2508	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	39
PID 2508 wrote to memory of 2256	2508	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	39
PID 2508 wrote to memory of 2256	2508	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	39
PID 2508 wrote to memory of 2256	2508	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	39
PID 700 wrote to memory of 1756	700	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	38
PID 700 wrote to memory of 1756	700	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	38
PID 700 wrote to memory of 1756	700	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	38
PID 700 wrote to memory of 1756	700	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	38
PID 2852 wrote to memory of 2548	2852	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	43
PID 2852 wrote to memory of 2548	2852	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	43
PID 2852 wrote to memory of 2548	2852	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	43
PID 2852 wrote to memory of 2548	2852	NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe	43

C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        9⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        10⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        9⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        9⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        9⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:14664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:14436
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:14484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:16116
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:11184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:15076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:9836
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:936
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:11548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:9988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:12016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:14044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:12440
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:12424
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:9820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:12988
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:9264
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:9796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:12136
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:11756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:15092
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:12416
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:6176
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:10012
- C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        9⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        8⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:12464
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:11224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:13160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:14108
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:10660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:12384
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:11508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:13344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:11036
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:9280
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:14292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:12400
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:10684
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:14028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:10984
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:11668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:11008
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:9756
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:9256
- C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:544
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:14852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        7⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:10652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:9248
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:10992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:16284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:12368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:9900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:8472
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:10620
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:11708
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:8252
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:14680
- C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:9972
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        6⤵
        
        PID:12320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:12376
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:10604
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:11052
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:6868
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:11024
- C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
        5⤵
        
        PID:10948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:12448
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:9172
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:9576
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:12360
- C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
  2⤵
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:14444
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:15676
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:11200
- C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
  2⤵
  PID:3548
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
      4⤵
      PID:11452
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:10636
- C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
  2⤵
  PID:5276
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:11532
- C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
  2⤵
  PID:6964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
    3⤵
    PID:12312
- C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1c2c15ea0f3027c529d2b73bc2449c64_JC.exe"
  2⤵
  PID:12144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\microsoft shared\asian fucking blowjob [free] (Anniston).mpeg.exe

Filesize
286KB

MD5
73f3a70bc75814f571cb4a15580ef3f6

SHA1
c6ea2d42fe4a618e30bd297973b701cb49d2115e

SHA256
756f32e740065154588dcb99d32d4884ce0d3cd115c5143917ee628b58c64ab8

SHA512
7ce5d960fc4b023a7f507d5f5b2f8f58c5049cc21753eb3ffd3318d32cce4d9a775f17d0d9534e203832bbb6021d51e75aea94f335eb09d61726620a8d6ab363

Download Submit
memory/544-67-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/700-68-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1636-74-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1644-73-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1668-75-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2124-61-0x00000000044E0000-0x00000000044FF000-memory.dmp

Filesize
124KB

Download
memory/2124-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2124-57-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2396-70-0x0000000004A50000-0x0000000004A6F000-memory.dmp

Filesize
124KB

Download
memory/2396-66-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2472-69-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2500-63-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2500-64-0x00000000047B0000-0x00000000047CF000-memory.dmp

Filesize
124KB

Download
memory/2508-59-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2716-62-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2716-58-0x00000000047E0000-0x00000000047FF000-memory.dmp

Filesize
124KB

Download
memory/2716-29-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2764-76-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2852-71-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2860-72-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download