6009e6813c34021701bcb4c811487f6079bc7de72d098b0303b7b88e660e4f64

Analysis

max time kernel
69s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 08:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
Size

839KB
MD5

e4d2222b05bba6bd1f3b71a95371ce00
SHA1

7f5567435c00d62cfcdcc73e0bc5c007d7db8020
SHA256

6009e6813c34021701bcb4c811487f6079bc7de72d098b0303b7b88e660e4f64
SHA512

4b1de72deda9c8a6f2f6516b6d99ef84f8798df71506d5e95eccebf800b49ddd52d92208c535b2448afdea25d2112a490b83ae156f012c15eeea851ba05f143f
SSDEEP

24576:Yo2xlpqfPQVAN2Be8xcVGDuSWi+enMDRXu:XmpqcAN2B/WiEDRe

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 36 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3060-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3060-3-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2640-6-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2600-9-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2640-8-0x0000000004900000-0x000000000491E000-memory.dmp	upx
behavioral1/memory/2856-10-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2532-14-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2484-16-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2640-18-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2556-19-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3020-20-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/files/0x0007000000018b33-21.dat	upx
behavioral1/memory/268-31-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2600-27-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2868-30-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2832-26-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2992-32-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2352-33-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/480-34-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2856-37-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2584-38-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1080-39-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2832-50-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/268-52-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2992-53-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/480-56-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2352-55-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2868-64-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1976-65-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1080-66-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1100-67-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1484-68-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1584-69-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3020-75-0x00000000044F0000-0x000000000450E000-memory.dmp	upx
behavioral1/memory/1868-76-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1360-78-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\M:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\Y:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\S:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\X:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\L:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\P:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\U:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\V:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\W:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\Z:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\G:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\K:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\E:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\I:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\J:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\N:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\O:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\Q:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\A:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\B:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\R:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File opened (read-only)	\??\T:	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\tyrkish cum beast hidden .mpeg.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish gang bang xxx [bangbus] feet .avi.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\lingerie [milf] glans mature .avi.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files (x86)\Google\Update\Download\american fetish beast hidden granny (Britney,Sylvia).mpeg.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\danish kicking bukkake sleeping .avi.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\indian nude trambling hidden bondage .rar.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\trambling licking cock .rar.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files\Common Files\Microsoft Shared\beast public beautyfull .avi.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\trambling [bangbus] 40+ .mpg.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\brasilian animal hardcore catfight shower (Kathrin,Curtney).mpg.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\danish beastiality fucking licking (Karin).mpg.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files (x86)\Google\Temp\gay masturbation titts wifey .mpeg.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files\DVD Maker\Shared\lingerie full movie titts .rar.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files\Windows Journal\Templates\japanese animal lingerie hot (!) .rar.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian cum horse lesbian hole shoes .mpeg.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish beastiality bukkake hidden glans .zip.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese gang bang fucking several models feet (Gina,Melissa).avi.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\beast uncut 40+ .mpeg.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\blowjob voyeur redhair .rar.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse sleeping hole femdom .avi.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\hardcore [bangbus] cock (Gina,Liz).avi.exe	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2600	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2856	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2532	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2484	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
3020	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2600	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2556	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2856	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2484	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2832	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2532	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2868	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
268	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2600	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2992	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2584	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2352	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2856	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
3020	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
480	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
1080	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2556	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
1100	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
1484	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
1584	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2484	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2532	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2832	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
1360	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2868	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2244	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2040	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2040	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
1976	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
1976	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2956	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2956	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2600	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2600	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2856	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2856	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
1868	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
1868	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
1148	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
1148	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2284	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2284	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
3020	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
3020	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2556	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
2556	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2640	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	29
PID 3060 wrote to memory of 2640	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	29
PID 3060 wrote to memory of 2640	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	29
PID 3060 wrote to memory of 2640	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	29
PID 2640 wrote to memory of 2600	2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	30
PID 2640 wrote to memory of 2600	2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	30
PID 2640 wrote to memory of 2600	2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	30
PID 2640 wrote to memory of 2600	2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	30
PID 3060 wrote to memory of 2856	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	31
PID 3060 wrote to memory of 2856	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	31
PID 3060 wrote to memory of 2856	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	31
PID 3060 wrote to memory of 2856	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	31
PID 2600 wrote to memory of 2532	2600	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	32
PID 2600 wrote to memory of 2532	2600	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	32
PID 2600 wrote to memory of 2532	2600	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	32
PID 2600 wrote to memory of 2532	2600	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	32
PID 2640 wrote to memory of 2484	2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	33
PID 2640 wrote to memory of 2484	2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	33
PID 2640 wrote to memory of 2484	2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	33
PID 2640 wrote to memory of 2484	2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	33
PID 3060 wrote to memory of 2556	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	34
PID 3060 wrote to memory of 2556	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	34
PID 3060 wrote to memory of 2556	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	34
PID 3060 wrote to memory of 2556	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	34
PID 2856 wrote to memory of 3020	2856	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	35
PID 2856 wrote to memory of 3020	2856	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	35
PID 2856 wrote to memory of 3020	2856	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	35
PID 2856 wrote to memory of 3020	2856	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	35
PID 2532 wrote to memory of 2832	2532	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	36
PID 2532 wrote to memory of 2832	2532	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	36
PID 2532 wrote to memory of 2832	2532	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	36
PID 2532 wrote to memory of 2832	2532	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	36
PID 2484 wrote to memory of 268	2484	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	41
PID 2484 wrote to memory of 268	2484	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	41
PID 2484 wrote to memory of 268	2484	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	41
PID 2484 wrote to memory of 268	2484	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	41
PID 2640 wrote to memory of 2868	2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	37
PID 2640 wrote to memory of 2868	2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	37
PID 2640 wrote to memory of 2868	2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	37
PID 2640 wrote to memory of 2868	2640	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	37
PID 2600 wrote to memory of 2992	2600	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	38
PID 2600 wrote to memory of 2992	2600	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	38
PID 2600 wrote to memory of 2992	2600	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	38
PID 2600 wrote to memory of 2992	2600	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	38
PID 3060 wrote to memory of 2352	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	39
PID 3060 wrote to memory of 2352	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	39
PID 3060 wrote to memory of 2352	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	39
PID 3060 wrote to memory of 2352	3060	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	39
PID 2856 wrote to memory of 2584	2856	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	40
PID 2856 wrote to memory of 2584	2856	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	40
PID 2856 wrote to memory of 2584	2856	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	40
PID 2856 wrote to memory of 2584	2856	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	40
PID 3020 wrote to memory of 480	3020	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	42
PID 3020 wrote to memory of 480	3020	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	42
PID 3020 wrote to memory of 480	3020	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	42
PID 3020 wrote to memory of 480	3020	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	42
PID 2556 wrote to memory of 1080	2556	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	43
PID 2556 wrote to memory of 1080	2556	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	43
PID 2556 wrote to memory of 1080	2556	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	43
PID 2556 wrote to memory of 1080	2556	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	43
PID 2484 wrote to memory of 1100	2484	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	44
PID 2484 wrote to memory of 1100	2484	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	44
PID 2484 wrote to memory of 1100	2484	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	44
PID 2484 wrote to memory of 1100	2484	NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe	44

C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        9⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        9⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:14132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:16856
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:15664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:13840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:14012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:8752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:16216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:14544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:15680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:15656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13116
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:15816
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        8⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:15904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:12392
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:15672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:17192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:14108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:13220
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:9808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:13652
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:11204
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:14156
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:14736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:13412
- C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:15600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:12376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:12400
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:14412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:12788
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:17216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:14520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:9968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:13372
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:13176
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:10924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:13620
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:13436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:8200
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:13212
- C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        7⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:11244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:12184
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:15896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:12416
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:8652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:16208
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:432
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:10980
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:14164
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:13336
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:5652
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:9148
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:14696
- C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2352
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:684
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        6⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13236
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:12432
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:13328
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:13268
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:14076
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:13100
- C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:8364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:13452
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
        5⤵
        
        PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:14768
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:4824
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:7676
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:15808
- C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
  2⤵
  PID:564
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:6372
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:6160
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:13124
- C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
  2⤵
  PID:3604
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
      4⤵
      PID:13800
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:13092
- C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
  2⤵
  PID:5116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:9068
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
    3⤵
    PID:13596
- C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
  2⤵
  PID:8888
- C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e4d2222b05bba6bd1f3b71a95371ce00.exe"
  2⤵
  PID:13580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\russian cum horse lesbian hole shoes .mpeg.exe

Filesize
1.9MB

MD5
ff4061244354db4ab6ab26d6063f4f71

SHA1
8c52ded9be78a0e9e8f3624abb56b2fc4967f75e

SHA256
5d2a1e765e760c865365d56d9f9ef99900592c81992ea568d2f727ee92ce4271

SHA512
3af439f829e2c801b3b44b2847246c961ee66da2aa466905dcd917b4a34dd5100f69b26bf2b29e6aad09b2b656f49b1d21c23fd8d94e38ec18ef239b8636bbf2

Download Submit
memory/268-31-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/268-77-0x0000000004900000-0x000000000491E000-memory.dmp

Filesize
120KB

Download
memory/268-52-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/480-56-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/480-34-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1080-39-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1080-66-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1100-67-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1360-78-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1484-68-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1584-69-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1868-76-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1976-65-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2352-55-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2352-33-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2484-63-0x0000000000540000-0x000000000055E000-memory.dmp

Filesize
120KB

Download
memory/2484-16-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2532-14-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2556-19-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2584-38-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2600-27-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2600-9-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2600-49-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/2600-13-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/2640-6-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2640-8-0x0000000004900000-0x000000000491E000-memory.dmp

Filesize
120KB

Download
memory/2640-18-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2640-15-0x0000000004910000-0x000000000492E000-memory.dmp

Filesize
120KB

Download
memory/2832-26-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2832-50-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2856-10-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2856-37-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2868-51-0x0000000004670000-0x000000000468E000-memory.dmp

Filesize
120KB

Download
memory/2868-30-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2868-64-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2992-32-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2992-53-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3020-75-0x00000000044F0000-0x000000000450E000-memory.dmp

Filesize
120KB

Download
memory/3020-20-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3060-17-0x0000000004810000-0x000000000482E000-memory.dmp

Filesize
120KB

Download
memory/3060-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3060-35-0x0000000004820000-0x000000000483E000-memory.dmp

Filesize
120KB

Download
memory/3060-5-0x0000000004810000-0x000000000482E000-memory.dmp

Filesize
120KB

Download
memory/3060-3-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download