01b96d3ed98d7c24520339358f200e5c0655669c93ae8c50ebe73747b82ddb80

Analysis

max time kernel
19s
max time network
132s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
Size

803KB
MD5

a8cfa4e77ddeb09c3019a2d4dd0ecf30
SHA1

9082306ac1ba3bedc7cb44dd96be237bf196c50d
SHA256

01b96d3ed98d7c24520339358f200e5c0655669c93ae8c50ebe73747b82ddb80
SHA512

91658684c3c698eb6ad22b73e2aa4ec59203eb65c9339c54a0a76f9eed60cd06ebf3a5b4e2454f6ac5c043b49cf71a13a745a1ac3d39314f16e7555bb61600ee
SSDEEP

24576:A8Ng+19KgT5+Iox1twCNtdR2cdMRGgYpNi:Ae399no5dRg

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 35 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2984-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/files/0x0007000000016d66-5.dat	upx
behavioral1/memory/2984-28-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1696-29-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2800-59-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2948-61-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2956-62-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1932-64-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2652-71-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2244-72-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1940-73-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2572-74-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1876-76-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1952-75-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1584-77-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1636-78-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/524-79-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/240-80-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2984-82-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2828-85-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1940-86-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2244-83-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1340-84-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1952-87-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1584-89-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1876-88-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/240-90-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2824-93-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2044-96-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2836-97-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2108-99-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2240-102-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1156-104-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1744-106-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1880-108-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\J:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\O:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\W:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\Z:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\E:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\L:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\N:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\P:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\X:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\S:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\U:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\V:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\A:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\G:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\I:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\M:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\Q:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\Y:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\B:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\K:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\R:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File opened (read-only)	\??\T:	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\american handjob sperm [free] titts ash .mpg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese porn sperm several models wifey .mpg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\System32\DriverStore\Temp\hardcore lesbian glans .avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian horse horse [free] ìï .mpg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian cum horse masturbation titts .zip.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\indian animal gay several models .rar.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files\DVD Maker\Shared\bukkake uncut titts .mpg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\blowjob girls beautyfull .avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\black beastiality bukkake sleeping titts stockings .mpeg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beast lesbian 40+ (Jenna,Liz).avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files (x86)\Google\Temp\black action lesbian [bangbus] gorgeoushorny (Christine,Liz).mpg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files (x86)\Google\Update\Download\black nude trambling [bangbus] titts gorgeoushorny .avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\bukkake public .avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\sperm big hole YEâPSè& (Liz).mpg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\black porn blowjob [bangbus] glans .mpg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\danish nude blowjob masturbation hole sweet .mpeg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files\Windows Journal\Templates\trambling catfight sm .avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\beast full movie titts ejaculation .mpg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\danish handjob fucking big ¤ã .mpeg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\norwegian horse [bangbus] hole (Britney,Karin).rar.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian nude lesbian several models .avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\tyrkish porn gay [bangbus] cock black hairunshaved .zip.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\american nude sperm girls shoes (Gina,Karin).mpeg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\temp\beastiality bukkake lesbian titts lady .zip.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\trambling masturbation glans ash .zip.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\bukkake catfight feet (Sandy,Liz).avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\tmp\lingerie hot (!) stockings (Sonja,Samantha).rar.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\american nude sperm several models glans YEâPSè& .zip.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\PLA\Templates\blowjob voyeur titts 40+ (Janette).mpeg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\beast full movie hole .mpg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\gay full movie cock hotel .avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\sperm voyeur mistress .zip.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\xxx public girly .mpeg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\blowjob voyeur feet stockings (Sarah).avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\mssrv.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\italian cumshot fucking public young .avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\lesbian public YEâPSè& .mpeg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\security\templates\horse licking .mpeg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\black nude hardcore voyeur .zip.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american cumshot blowjob public penetration .zip.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\hardcore lesbian titts high heels .rar.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\bukkake licking .rar.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\brasilian cum beast licking titts (Anniston,Karin).zip.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\danish nude xxx licking traffic .avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\SoftwareDistribution\Download\french blowjob sleeping boots .rar.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian porn fucking [bangbus] pregnant (Christine,Sylvia).mpeg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian fetish fucking big glans upskirt (Liz).avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\brasilian fetish hardcore sleeping titts YEâPSè& .avi.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\Downloaded Program Files\italian cumshot beast voyeur pregnant (Kathrin,Melissa).rar.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\black porn gay uncut cock traffic (Liz).mpeg.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american kicking horse uncut .rar.exe	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2652	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1696	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2572	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2956	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2652	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2948	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1696	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1932	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2244	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1940	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2572	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2652	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1696	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1636	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1952	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1876	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1584	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2948	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
524	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2956	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1932	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
240	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2828	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1340	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1940	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2244	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2572	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2044	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2824	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2836	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2652	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2108	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1696	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2240	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1156	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2948	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2084	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1880	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2956	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
3064	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2076	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1932	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1744	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
3060	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1220	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1636	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1952	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1876	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
1584	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2300	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
2300	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
524	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
524	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2800	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	28
PID 2984 wrote to memory of 2800	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	28
PID 2984 wrote to memory of 2800	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	28
PID 2984 wrote to memory of 2800	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	28
PID 2800 wrote to memory of 2652	2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	29
PID 2800 wrote to memory of 2652	2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	29
PID 2800 wrote to memory of 2652	2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	29
PID 2800 wrote to memory of 2652	2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	29
PID 2984 wrote to memory of 1696	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	30
PID 2984 wrote to memory of 1696	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	30
PID 2984 wrote to memory of 1696	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	30
PID 2984 wrote to memory of 1696	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	30
PID 2652 wrote to memory of 2572	2652	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	31
PID 2652 wrote to memory of 2572	2652	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	31
PID 2652 wrote to memory of 2572	2652	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	31
PID 2652 wrote to memory of 2572	2652	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	31
PID 2800 wrote to memory of 2948	2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	32
PID 2800 wrote to memory of 2948	2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	32
PID 2800 wrote to memory of 2948	2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	32
PID 2800 wrote to memory of 2948	2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	32
PID 1696 wrote to memory of 2956	1696	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	34
PID 1696 wrote to memory of 2956	1696	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	34
PID 1696 wrote to memory of 2956	1696	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	34
PID 1696 wrote to memory of 2956	1696	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	34
PID 2984 wrote to memory of 1932	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	33
PID 2984 wrote to memory of 1932	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	33
PID 2984 wrote to memory of 1932	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	33
PID 2984 wrote to memory of 1932	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	33
PID 2572 wrote to memory of 2244	2572	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	35
PID 2572 wrote to memory of 2244	2572	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	35
PID 2572 wrote to memory of 2244	2572	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	35
PID 2572 wrote to memory of 2244	2572	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	35
PID 2652 wrote to memory of 1940	2652	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	36
PID 2652 wrote to memory of 1940	2652	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	36
PID 2652 wrote to memory of 1940	2652	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	36
PID 2652 wrote to memory of 1940	2652	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	36
PID 1696 wrote to memory of 1636	1696	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	37
PID 1696 wrote to memory of 1636	1696	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	37
PID 1696 wrote to memory of 1636	1696	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	37
PID 1696 wrote to memory of 1636	1696	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	37
PID 2984 wrote to memory of 1952	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	39
PID 2984 wrote to memory of 1952	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	39
PID 2984 wrote to memory of 1952	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	39
PID 2984 wrote to memory of 1952	2984	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	39
PID 2800 wrote to memory of 1876	2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	38
PID 2800 wrote to memory of 1876	2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	38
PID 2800 wrote to memory of 1876	2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	38
PID 2800 wrote to memory of 1876	2800	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	38
PID 2948 wrote to memory of 1584	2948	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	41
PID 2948 wrote to memory of 1584	2948	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	41
PID 2948 wrote to memory of 1584	2948	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	41
PID 2948 wrote to memory of 1584	2948	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	41
PID 2956 wrote to memory of 524	2956	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	40
PID 2956 wrote to memory of 524	2956	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	40
PID 2956 wrote to memory of 524	2956	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	40
PID 2956 wrote to memory of 524	2956	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	40
PID 1932 wrote to memory of 240	1932	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	42
PID 1932 wrote to memory of 240	1932	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	42
PID 1932 wrote to memory of 240	1932	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	42
PID 1932 wrote to memory of 240	1932	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	42
PID 2244 wrote to memory of 2828	2244	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	43
PID 2244 wrote to memory of 2828	2244	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	43
PID 2244 wrote to memory of 2828	2244	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	43
PID 2244 wrote to memory of 2828	2244	NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe	43

C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        9⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:12896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:11928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:13792
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:13388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:12448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:14088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:9736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:9012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:11540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:9776
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:11516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:12308
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:14064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:11060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:10152
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:11600
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:8228
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:5520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:10320
- C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        8⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:14080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        7⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:13776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:9656
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:9720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:10776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:11572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:8468
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:9844
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8532
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:12472
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:8556
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:5764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:9832
- C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1932
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:9824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8204
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:13616
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:9552
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:11084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:10144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:5464
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:10256
- C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        6⤵
        
        PID:11228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:8196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:11920
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:9800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:11092
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:9020
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:14072
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:9728
- C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2108
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
        5⤵
        
        PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:8460
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:8404
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:11068
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:9004
- C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
  2⤵
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:8548
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
      4⤵
      PID:11180
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:8436
- C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
  2⤵
  PID:3668
- - C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
    3⤵
    PID:8364
- C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
  2⤵
  PID:5360
- C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.a8cfa4e77ddeb09c3019a2d4dd0ecf30.exe"
  2⤵
  PID:8484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\beast lesbian 40+ (Jenna,Liz).avi.exe

Filesize
1.7MB

MD5
633fd443fe9a68dcd863906a9acc8f00

SHA1
e29323aa7e3d4cabe385d7c53bf79ec08211b700

SHA256
2a348201113d92dac3376bc8aefbb7cc0358995afae23f872cf8dd3893885cc2

SHA512
de27be6615e58ac23dc4872140d4f5a4005200b52a3bf5361e3ac6804dcee7fccf67c42ee897894f9ee217f73225b09256ca62656a84caa7ed97ccf56afef339

Download Submit
memory/240-80-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/240-90-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/524-79-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1156-104-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1340-84-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1584-77-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1584-89-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1636-78-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1636-109-0x00000000045A0000-0x00000000045BC000-memory.dmp

Filesize
112KB

Download
memory/1696-29-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1696-60-0x00000000047C0000-0x00000000047DC000-memory.dmp

Filesize
112KB

Download
memory/1744-106-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1876-101-0x00000000045C0000-0x00000000045DC000-memory.dmp

Filesize
112KB

Download
memory/1876-88-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1876-110-0x00000000045C0000-0x00000000045DC000-memory.dmp

Filesize
112KB

Download
memory/1876-76-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1880-108-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1932-107-0x00000000046A0000-0x00000000046BC000-memory.dmp

Filesize
112KB

Download
memory/1932-64-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1940-73-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1940-86-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1952-75-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1952-87-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2044-96-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2108-99-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2240-102-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2244-72-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2244-83-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2572-70-0x0000000000500000-0x000000000051C000-memory.dmp

Filesize
112KB

Download
memory/2572-92-0x0000000004570000-0x000000000458C000-memory.dmp

Filesize
112KB

Download
memory/2572-74-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2652-94-0x00000000045E0000-0x00000000045FC000-memory.dmp

Filesize
112KB

Download
memory/2652-71-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2800-100-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/2800-25-0x0000000004900000-0x000000000491C000-memory.dmp

Filesize
112KB

Download
memory/2800-91-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/2800-59-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2800-69-0x0000000004900000-0x000000000491C000-memory.dmp

Filesize
112KB

Download
memory/2824-93-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2828-85-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2836-97-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2948-103-0x00000000046E0000-0x00000000046FC000-memory.dmp

Filesize
112KB

Download
memory/2948-61-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2956-95-0x0000000004A50000-0x0000000004A6C000-memory.dmp

Filesize
112KB

Download
memory/2956-105-0x0000000004A50000-0x0000000004A6C000-memory.dmp

Filesize
112KB

Download
memory/2956-62-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2984-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2984-63-0x00000000049D0000-0x00000000049EC000-memory.dmp

Filesize
112KB

Download
memory/2984-81-0x00000000049D0000-0x00000000049EC000-memory.dmp

Filesize
112KB

Download
memory/2984-28-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2984-82-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download