77b0257adedde817246480017f013da08807671582ba85e6a08a47c619b81e38

Analysis

max time kernel
16s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
Size

192KB
MD5

632a99ee39c4c6495cfb061b7a2ce450
SHA1

9a7f5b8edd73a4cf4d6db26d6f343b472507cb11
SHA256

77b0257adedde817246480017f013da08807671582ba85e6a08a47c619b81e38
SHA512

467a196f162d1c609f52880aa39c7326a2878f381498b94dec7a88d2fbb1e332221e5d780fcd1925b4a62f064ad8b5beed252727f65c90a436eb1cb84bddf1d0
SSDEEP

3072:y9jbLl/gvQoutE1Tj4mYWR/Rew24pRB+5UVsZcPVY5wP5KjD5VBXi:0jluQoSuIo5R+4Z+5Gcc0jjtVBS

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 54 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2028-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/files/0x000800000001644c-5.dat	upx
behavioral1/memory/2028-21-0x0000000004C30000-0x0000000004C4E000-memory.dmp	upx
behavioral1/memory/2948-23-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3012-66-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2028-67-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2348-68-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2836-86-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2948-85-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2844-87-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2884-89-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3012-90-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/292-100-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2348-99-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/740-103-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2412-104-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1620-102-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3004-105-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2028-107-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2844-108-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1812-111-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2312-113-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3032-112-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2180-114-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2264-115-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2300-116-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1748-117-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2244-118-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2400-120-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2148-119-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2352-121-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2588-123-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3004-124-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2840-126-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2816-127-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2808-129-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2240-132-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1172-134-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1904-135-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1932-137-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2176-138-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2684-140-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2604-141-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1728-139-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2712-143-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2932-144-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2616-145-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1056-146-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2716-147-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1152-148-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1088-149-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1360-150-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2020-151-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2028-221-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\I:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\M:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\N:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\T:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\Y:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\K:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\O:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\P:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\Q:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\X:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\A:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\B:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\E:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\G:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\R:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\S:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\V:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\J:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\L:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\U:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\W:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File opened (read-only)	\??\Z:	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\trambling masturbation .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish hardcore [free] .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\System32\DriverStore\Temp\horse fucking girls feet .mpeg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\SysWOW64\IME\shared\italian animal [free] castration (Gina).zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\handjob cum [bangbus] beautyfull .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\SysWOW64\FxsTmp\blowjob nude several models .mpeg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\SysWOW64\IME\shared\gay trambling big hairy .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\french nude voyeur hotel .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\porn [free] mistress .mpeg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia horse bukkake big circumcision (Liz).rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\german fetish nude big .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files\DVD Maker\Shared\italian cum [milf] shoes (Sarah).mpeg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\horse gay voyeur bedroom .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\animal licking feet granny (Christine).zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish bukkake horse sleeping legs latex .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\lingerie beast girls shower .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\german trambling fucking voyeur penetration .zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\chinese trambling masturbation .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files (x86)\Google\Update\Download\british xxx catfight nipples .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\swedish handjob [free] .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\fetish blowjob hot (!) .zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\tyrkish trambling action big cock .zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files\Windows Journal\Templates\italian horse hot (!) circumcision (Samantha).mpeg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files (x86)\Google\Temp\nude lesbian voyeur (Sandy,Liz).zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\swedish fucking horse lesbian wifey (Anniston,Liz).mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe

Drops file in Windows directory 59 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\cum several models penetration .avi.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\german gang bang hardcore hidden stockings .mpeg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\security\templates\sperm blowjob [milf] legs (Curtney,Sonja).mpeg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\porn sperm public boobs femdom .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\brasilian beastiality masturbation vagina YEâPSè& .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black lesbian full movie .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish bukkake fucking [bangbus] .avi.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\animal licking .zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse masturbation (Britney,Britney).avi.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\beastiality porn public .mpeg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\canadian fucking action voyeur .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\hardcore girls beautyfull .zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\asian cumshot cumshot hot (!) bondage .avi.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\brasilian porn bukkake big .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\sperm hot (!) .avi.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\danish horse blowjob sleeping balls .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\british animal hardcore several models (Samantha).mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\danish cumshot hidden ìï (Sarah,Sonja).avi.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\xxx action [free] vagina boots .mpeg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\chinese action beastiality uncut .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\black handjob gang bang several models ejaculation .zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\bukkake [free] .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\brasilian lesbian cum catfight stockings (Janette,Melissa).avi.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\swedish fucking nude hidden nipples .zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\italian horse kicking lesbian .avi.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black handjob kicking uncut .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\kicking hardcore public .avi.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\beast cum sleeping (Kathrin,Janette).rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\indian gang bang handjob [free] (Christine,Britney).zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish handjob beast full movie boobs black hairunshaved .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\german beastiality [free] circumcision (Sonja,Liz).zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\lesbian big glans redhair (Christine).mpeg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\norwegian handjob several models .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\italian sperm lesbian black hairunshaved .zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\tmp\cumshot uncut .zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\japanese beast action uncut vagina granny .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\horse big glans .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\nude big legs (Sonja,Anniston).zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\horse girls (Anniston).rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\porn fetish full movie legs (Kathrin,Gina).mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\cum [bangbus] femdom (Anniston).zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\fetish sperm girls granny .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\german hardcore [bangbus] .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\malaysia gay sperm [milf] hairy .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\brasilian horse xxx catfight mistress .zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\tyrkish xxx gay masturbation 50+ .avi.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\american cum catfight .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\temp\swedish cum beastiality [free] gorgeoushorny .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\japanese hardcore [bangbus] traffic .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\gay voyeur vagina .zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\Downloaded Program Files\animal girls vagina .avi.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\PLA\Templates\asian kicking beast uncut nipples leather .mpeg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\chinese fetish full movie pregnant .zip.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\trambling licking hole .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\SoftwareDistribution\Download\asian cum [free] glans .rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\mssrv.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\sperm [free] (Sonja,Sonja).rar.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\german animal uncut .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\norwegian trambling gang bang sleeping ash .mpg.exe	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
3012	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2348	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2836	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
3012	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2844	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2884	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2588	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2348	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
292	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
740	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
1620	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2836	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
3012	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2412	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2844	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2348	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2588	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
3004	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2816	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2840	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2808	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2884	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
1812	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
740	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2352	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
3032	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2836	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
292	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2264	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2300	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2312	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2412	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2844	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2348	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2180	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
3012	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2244	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
1620	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
1748	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
1748	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2400	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2400	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2588	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2588	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2148	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2148	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
1056	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
1056	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
1152	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
1152	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
1088	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
1088	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2948	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	28
PID 2028 wrote to memory of 2948	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	28
PID 2028 wrote to memory of 2948	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	28
PID 2028 wrote to memory of 2948	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	28
PID 2948 wrote to memory of 3012	2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	29
PID 2948 wrote to memory of 3012	2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	29
PID 2948 wrote to memory of 3012	2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	29
PID 2948 wrote to memory of 3012	2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	29
PID 2028 wrote to memory of 2348	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	30
PID 2028 wrote to memory of 2348	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	30
PID 2028 wrote to memory of 2348	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	30
PID 2028 wrote to memory of 2348	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	30
PID 3012 wrote to memory of 2836	3012	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	31
PID 3012 wrote to memory of 2836	3012	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	31
PID 3012 wrote to memory of 2836	3012	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	31
PID 3012 wrote to memory of 2836	3012	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	31
PID 2948 wrote to memory of 2844	2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	32
PID 2948 wrote to memory of 2844	2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	32
PID 2948 wrote to memory of 2844	2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	32
PID 2948 wrote to memory of 2844	2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	32
PID 2348 wrote to memory of 2588	2348	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	33
PID 2348 wrote to memory of 2588	2348	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	33
PID 2348 wrote to memory of 2588	2348	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	33
PID 2348 wrote to memory of 2588	2348	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	33
PID 2028 wrote to memory of 2884	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	34
PID 2028 wrote to memory of 2884	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	34
PID 2028 wrote to memory of 2884	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	34
PID 2028 wrote to memory of 2884	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	34
PID 2836 wrote to memory of 292	2836	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	35
PID 2836 wrote to memory of 292	2836	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	35
PID 2836 wrote to memory of 292	2836	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	35
PID 2836 wrote to memory of 292	2836	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	35
PID 3012 wrote to memory of 740	3012	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	36
PID 3012 wrote to memory of 740	3012	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	36
PID 3012 wrote to memory of 740	3012	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	36
PID 3012 wrote to memory of 740	3012	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	36
PID 2948 wrote to memory of 1620	2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	37
PID 2948 wrote to memory of 1620	2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	37
PID 2948 wrote to memory of 1620	2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	37
PID 2948 wrote to memory of 1620	2948	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	37
PID 2844 wrote to memory of 2412	2844	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	38
PID 2844 wrote to memory of 2412	2844	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	38
PID 2844 wrote to memory of 2412	2844	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	38
PID 2844 wrote to memory of 2412	2844	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	38
PID 2028 wrote to memory of 2840	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	41
PID 2028 wrote to memory of 2840	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	41
PID 2028 wrote to memory of 2840	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	41
PID 2028 wrote to memory of 2840	2028	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	41
PID 2588 wrote to memory of 3004	2588	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	40
PID 2588 wrote to memory of 3004	2588	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	40
PID 2588 wrote to memory of 3004	2588	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	40
PID 2588 wrote to memory of 3004	2588	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	40
PID 2348 wrote to memory of 2808	2348	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	39
PID 2348 wrote to memory of 2808	2348	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	39
PID 2348 wrote to memory of 2808	2348	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	39
PID 2348 wrote to memory of 2808	2348	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	39
PID 2884 wrote to memory of 2816	2884	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	42
PID 2884 wrote to memory of 2816	2884	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	42
PID 2884 wrote to memory of 2816	2884	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	42
PID 2884 wrote to memory of 2816	2884	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	42
PID 2836 wrote to memory of 1812	2836	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	45
PID 2836 wrote to memory of 1812	2836	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	45
PID 2836 wrote to memory of 1812	2836	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	45
PID 2836 wrote to memory of 1812	2836	NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe	45

C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        9⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        9⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        9⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:11472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:11184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:9664
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:9212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:15412
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        8⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:17504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:17372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:9528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:11176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:8708
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:9972
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:18020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:9608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:7972
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:17332
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:11692
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:15804
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:17724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:17100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:4000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:17016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:11144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:9512
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:11128
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:7460
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:16368
- C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2348
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:17496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        7⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:10900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:10204
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:8748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10676
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:15684
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:17436
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:9060
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:8836
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:10784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:7160
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:14312
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:10380
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:17320
- C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2884
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:9520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:10700
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        6⤵
        
        PID:16864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:11152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:11312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:9488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:3080
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:9688
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:7684
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:5760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:7300
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:9840
- C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:1360
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:11168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:10624
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:9504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:6400
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:9092
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:6040
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:10180
- C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
        5⤵
        
        PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:11032
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:10188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:5912
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:8740
- C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
  2⤵
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:7416
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
      4⤵
      PID:12076
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:7452
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:10396
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:17520
- C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
  2⤵
  PID:3388
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:8632
- - C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
    3⤵
    PID:11136
- C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
  2⤵
  PID:5896
- C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.632a99ee39c4c6495cfb061b7a2ce450_JC.exe"
  2⤵
  PID:8732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\german trambling fucking voyeur penetration .zip.exe

Filesize
435KB

MD5
9e9c59c099e4c20aa9a1b557340ecf88

SHA1
37939ad797ea232e46c112d5b66db347bf8f925c

SHA256
1156e4fba2983a03508424a29d7c2a41e3e3e4daad7a8d63c9f444d4a96f3a28

SHA512
e3d6e7df8f8a04f6c5b80b5797e9bed507fc2b714c7137f70b57279b6243425c6ca0aafe1eca1b9737b447713e84aec59f9facb215f20043662c7db14a55cfba

Download Submit
memory/292-100-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/740-130-0x0000000000520000-0x000000000053E000-memory.dmp

Filesize
120KB

Download
memory/740-103-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/740-110-0x0000000000520000-0x000000000053E000-memory.dmp

Filesize
120KB

Download
memory/1056-146-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1088-149-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1152-148-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1172-134-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1360-150-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1620-102-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1728-139-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1748-117-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1812-133-0x0000000004900000-0x000000000491E000-memory.dmp

Filesize
120KB

Download
memory/1812-111-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1904-135-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1932-137-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2020-151-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2028-107-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2028-21-0x0000000004C30000-0x0000000004C4E000-memory.dmp

Filesize
120KB

Download
memory/2028-67-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2028-221-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2028-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2028-88-0x0000000004FA0000-0x0000000004FBE000-memory.dmp

Filesize
120KB

Download
memory/2148-119-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2176-138-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2180-114-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2240-132-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2244-118-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2264-115-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2300-116-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2312-113-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2348-99-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2348-122-0x0000000004590000-0x00000000045AE000-memory.dmp

Filesize
120KB

Download
memory/2348-142-0x0000000004930000-0x000000000494E000-memory.dmp

Filesize
120KB

Download
memory/2348-68-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2352-121-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2400-120-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2412-104-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2588-123-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2604-141-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2616-145-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2684-140-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2712-143-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2716-147-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2808-129-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2816-127-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2836-109-0x0000000001DD0000-0x0000000001DEE000-memory.dmp

Filesize
120KB

Download
memory/2836-86-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2840-126-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2844-108-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2844-128-0x00000000047B0000-0x00000000047CE000-memory.dmp

Filesize
120KB

Download
memory/2844-87-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2884-89-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2932-144-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2948-23-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2948-85-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3004-105-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3004-124-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3012-125-0x00000000045D0000-0x00000000045EE000-memory.dmp

Filesize
120KB

Download
memory/3012-106-0x00000000045C0000-0x00000000045DE000-memory.dmp

Filesize
120KB

Download
memory/3012-66-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3012-84-0x00000000045C0000-0x00000000045DE000-memory.dmp

Filesize
120KB

Download
memory/3012-90-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3012-101-0x00000000045D0000-0x00000000045EE000-memory.dmp

Filesize
120KB

Download
memory/3032-136-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/3032-112-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download