e1f6fd19c45bf4bfe8c8676b452a5f593b282bf36ccb8c4060f26ee5c5244206

Analysis

max time kernel
22s
max time network
143s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 08:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.f4d3c1268808e02111799624accc5750.exe
Size

1.5MB
MD5

f4d3c1268808e02111799624accc5750
SHA1

d569e96998916166ebc1c5fddbed8ce829c85357
SHA256

e1f6fd19c45bf4bfe8c8676b452a5f593b282bf36ccb8c4060f26ee5c5244206
SHA512

b71af9331d0073bfba0b319a1d685f0040580aacc89ee2d59a8daa0dfc9c73f4a5b7ee8d8ef25d205727a7c9f070ab97d397b64aeb1dd948645922e61270b837
SSDEEP

24576:VLF0E1r/wl54gLy/6s5yEV/9mzfNkkEt1AEELDey+ayMZu:RF0q/u4gLyhfsT+kEfAbLDelayMI

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 53 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1888-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2120-4-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0008000000014c15-6.dat	upx
behavioral1/memory/1888-49-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2748-54-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2956-55-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2120-57-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1192-58-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2520-59-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2052-60-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1992-62-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2912-64-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2924-65-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1832-66-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/836-67-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2780-68-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2700-69-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2852-70-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2864-71-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/524-73-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2880-72-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2884-75-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1068-76-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/792-78-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2968-79-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2360-77-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1604-74-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2444-80-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/824-81-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2204-82-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2220-83-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1444-84-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2088-85-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2912-86-0x0000000004A50000-0x0000000004A6F000-memory.dmp	upx
behavioral1/memory/1276-87-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1988-88-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1192-89-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2520-90-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1992-93-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1972-94-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1276-96-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1948-97-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1976-98-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1972-99-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1948-101-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1576-105-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1148-108-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3040-109-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1952-110-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2628-112-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/824-115-0x00000000047B0000-0x00000000047CF000-memory.dmp	upx
behavioral1/memory/1720-116-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/940-117-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.f4d3c1268808e02111799624accc5750.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\U:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\X:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\J:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\K:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\N:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\R:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\S:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\B:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\E:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\H:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\I:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\P:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\Q:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\T:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\V:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\W:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\Y:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\G:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\L:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\M:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\O:	NEAS.f4d3c1268808e02111799624accc5750.exe
File opened (read-only)	\??\Z:	NEAS.f4d3c1268808e02111799624accc5750.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\bukkake lesbian (Anniston,Samantha).avi.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\norwegian cumshot [bangbus] boobs (Anniston,Tatjana).mpeg.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\kicking hardcore uncut traffic .avi.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\gang bang full movie ¤ã (Tatjana,Sonja).avi.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\malaysia handjob xxx voyeur feet .avi.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\porn action uncut vagina shower .zip.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files\DVD Maker\Shared\spanish cum catfight granny .mpeg.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\norwegian cum hidden titts upskirt .rar.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish cum horse voyeur ash .zip.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\blowjob horse catfight .zip.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\brasilian gang bang lesbian beautyfull .zip.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files\Windows Journal\Templates\trambling fetish masturbation mistress .zip.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gang bang cum big .zip.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\british hardcore horse [free] femdom .avi.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Program Files (x86)\Google\Temp\japanese hardcore gang bang girls redhair .zip.exe	NEAS.f4d3c1268808e02111799624accc5750.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\japanese beastiality hot (!) (Jade,Gina).rar.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish horse sleeping cock .avi.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\blowjob horse masturbation YEâPSè& (Jenna,Samantha).mpg.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\hardcore cumshot hot (!) .rar.exe	NEAS.f4d3c1268808e02111799624accc5750.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fetish kicking full movie (Jade).avi.exe	NEAS.f4d3c1268808e02111799624accc5750.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 47 IoCs

pid	Process
1888	NEAS.f4d3c1268808e02111799624accc5750.exe
2120	NEAS.f4d3c1268808e02111799624accc5750.exe
1888	NEAS.f4d3c1268808e02111799624accc5750.exe
2748	NEAS.f4d3c1268808e02111799624accc5750.exe
2956	NEAS.f4d3c1268808e02111799624accc5750.exe
2120	NEAS.f4d3c1268808e02111799624accc5750.exe
1888	NEAS.f4d3c1268808e02111799624accc5750.exe
1192	NEAS.f4d3c1268808e02111799624accc5750.exe
2520	NEAS.f4d3c1268808e02111799624accc5750.exe
2052	NEAS.f4d3c1268808e02111799624accc5750.exe
2748	NEAS.f4d3c1268808e02111799624accc5750.exe
1992	NEAS.f4d3c1268808e02111799624accc5750.exe
2120	NEAS.f4d3c1268808e02111799624accc5750.exe
2956	NEAS.f4d3c1268808e02111799624accc5750.exe
1888	NEAS.f4d3c1268808e02111799624accc5750.exe
2912	NEAS.f4d3c1268808e02111799624accc5750.exe
2924	NEAS.f4d3c1268808e02111799624accc5750.exe
1832	NEAS.f4d3c1268808e02111799624accc5750.exe
836	NEAS.f4d3c1268808e02111799624accc5750.exe
1192	NEAS.f4d3c1268808e02111799624accc5750.exe
2052	NEAS.f4d3c1268808e02111799624accc5750.exe
2748	NEAS.f4d3c1268808e02111799624accc5750.exe
2520	NEAS.f4d3c1268808e02111799624accc5750.exe
2780	NEAS.f4d3c1268808e02111799624accc5750.exe
2852	NEAS.f4d3c1268808e02111799624accc5750.exe
1888	NEAS.f4d3c1268808e02111799624accc5750.exe
2956	NEAS.f4d3c1268808e02111799624accc5750.exe
2120	NEAS.f4d3c1268808e02111799624accc5750.exe
2700	NEAS.f4d3c1268808e02111799624accc5750.exe
2864	NEAS.f4d3c1268808e02111799624accc5750.exe
2912	NEAS.f4d3c1268808e02111799624accc5750.exe
2880	NEAS.f4d3c1268808e02111799624accc5750.exe
524	NEAS.f4d3c1268808e02111799624accc5750.exe
1192	NEAS.f4d3c1268808e02111799624accc5750.exe
1604	NEAS.f4d3c1268808e02111799624accc5750.exe
2884	NEAS.f4d3c1268808e02111799624accc5750.exe
2748	NEAS.f4d3c1268808e02111799624accc5750.exe
2520	NEAS.f4d3c1268808e02111799624accc5750.exe
2956	NEAS.f4d3c1268808e02111799624accc5750.exe
1068	NEAS.f4d3c1268808e02111799624accc5750.exe
1888	NEAS.f4d3c1268808e02111799624accc5750.exe
792	NEAS.f4d3c1268808e02111799624accc5750.exe
2360	NEAS.f4d3c1268808e02111799624accc5750.exe
2968	NEAS.f4d3c1268808e02111799624accc5750.exe
2120	NEAS.f4d3c1268808e02111799624accc5750.exe
2852	NEAS.f4d3c1268808e02111799624accc5750.exe
2700	NEAS.f4d3c1268808e02111799624accc5750.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2120	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	28
PID 1888 wrote to memory of 2120	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	28
PID 1888 wrote to memory of 2120	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	28
PID 1888 wrote to memory of 2120	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	28
PID 2120 wrote to memory of 2748	2120	NEAS.f4d3c1268808e02111799624accc5750.exe	29
PID 2120 wrote to memory of 2748	2120	NEAS.f4d3c1268808e02111799624accc5750.exe	29
PID 2120 wrote to memory of 2748	2120	NEAS.f4d3c1268808e02111799624accc5750.exe	29
PID 2120 wrote to memory of 2748	2120	NEAS.f4d3c1268808e02111799624accc5750.exe	29
PID 1888 wrote to memory of 2956	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	30
PID 1888 wrote to memory of 2956	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	30
PID 1888 wrote to memory of 2956	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	30
PID 1888 wrote to memory of 2956	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	30
PID 2748 wrote to memory of 1192	2748	NEAS.f4d3c1268808e02111799624accc5750.exe	31
PID 2748 wrote to memory of 1192	2748	NEAS.f4d3c1268808e02111799624accc5750.exe	31
PID 2748 wrote to memory of 1192	2748	NEAS.f4d3c1268808e02111799624accc5750.exe	31
PID 2748 wrote to memory of 1192	2748	NEAS.f4d3c1268808e02111799624accc5750.exe	31
PID 2956 wrote to memory of 2520	2956	NEAS.f4d3c1268808e02111799624accc5750.exe	34
PID 2956 wrote to memory of 2520	2956	NEAS.f4d3c1268808e02111799624accc5750.exe	34
PID 2956 wrote to memory of 2520	2956	NEAS.f4d3c1268808e02111799624accc5750.exe	34
PID 2956 wrote to memory of 2520	2956	NEAS.f4d3c1268808e02111799624accc5750.exe	34
PID 2120 wrote to memory of 2052	2120	NEAS.f4d3c1268808e02111799624accc5750.exe	32
PID 2120 wrote to memory of 2052	2120	NEAS.f4d3c1268808e02111799624accc5750.exe	32
PID 2120 wrote to memory of 2052	2120	NEAS.f4d3c1268808e02111799624accc5750.exe	32
PID 2120 wrote to memory of 2052	2120	NEAS.f4d3c1268808e02111799624accc5750.exe	32
PID 1888 wrote to memory of 1992	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	33
PID 1888 wrote to memory of 1992	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	33
PID 1888 wrote to memory of 1992	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	33
PID 1888 wrote to memory of 1992	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	33
PID 1192 wrote to memory of 2912	1192	NEAS.f4d3c1268808e02111799624accc5750.exe	35
PID 1192 wrote to memory of 2912	1192	NEAS.f4d3c1268808e02111799624accc5750.exe	35
PID 1192 wrote to memory of 2912	1192	NEAS.f4d3c1268808e02111799624accc5750.exe	35
PID 1192 wrote to memory of 2912	1192	NEAS.f4d3c1268808e02111799624accc5750.exe	35
PID 2520 wrote to memory of 2924	2520	NEAS.f4d3c1268808e02111799624accc5750.exe	36
PID 2520 wrote to memory of 2924	2520	NEAS.f4d3c1268808e02111799624accc5750.exe	36
PID 2520 wrote to memory of 2924	2520	NEAS.f4d3c1268808e02111799624accc5750.exe	36
PID 2520 wrote to memory of 2924	2520	NEAS.f4d3c1268808e02111799624accc5750.exe	36
PID 2052 wrote to memory of 1832	2052	NEAS.f4d3c1268808e02111799624accc5750.exe	38
PID 2052 wrote to memory of 1832	2052	NEAS.f4d3c1268808e02111799624accc5750.exe	38
PID 2052 wrote to memory of 1832	2052	NEAS.f4d3c1268808e02111799624accc5750.exe	38
PID 2052 wrote to memory of 1832	2052	NEAS.f4d3c1268808e02111799624accc5750.exe	38
PID 2748 wrote to memory of 836	2748	NEAS.f4d3c1268808e02111799624accc5750.exe	37
PID 2748 wrote to memory of 836	2748	NEAS.f4d3c1268808e02111799624accc5750.exe	37
PID 2748 wrote to memory of 836	2748	NEAS.f4d3c1268808e02111799624accc5750.exe	37
PID 2748 wrote to memory of 836	2748	NEAS.f4d3c1268808e02111799624accc5750.exe	37
PID 1888 wrote to memory of 2700	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	39
PID 1888 wrote to memory of 2700	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	39
PID 1888 wrote to memory of 2700	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	39
PID 1888 wrote to memory of 2700	1888	NEAS.f4d3c1268808e02111799624accc5750.exe	39
PID 2956 wrote to memory of 2780	2956	NEAS.f4d3c1268808e02111799624accc5750.exe	40
PID 2956 wrote to memory of 2780	2956	NEAS.f4d3c1268808e02111799624accc5750.exe	40
PID 2956 wrote to memory of 2780	2956	NEAS.f4d3c1268808e02111799624accc5750.exe	40
PID 2956 wrote to memory of 2780	2956	NEAS.f4d3c1268808e02111799624accc5750.exe	40
PID 2120 wrote to memory of 2852	2120	NEAS.f4d3c1268808e02111799624accc5750.exe	41
PID 2120 wrote to memory of 2852	2120	NEAS.f4d3c1268808e02111799624accc5750.exe	41
PID 2120 wrote to memory of 2852	2120	NEAS.f4d3c1268808e02111799624accc5750.exe	41
PID 2120 wrote to memory of 2852	2120	NEAS.f4d3c1268808e02111799624accc5750.exe	41
PID 2912 wrote to memory of 2864	2912	NEAS.f4d3c1268808e02111799624accc5750.exe	42
PID 2912 wrote to memory of 2864	2912	NEAS.f4d3c1268808e02111799624accc5750.exe	42
PID 2912 wrote to memory of 2864	2912	NEAS.f4d3c1268808e02111799624accc5750.exe	42
PID 2912 wrote to memory of 2864	2912	NEAS.f4d3c1268808e02111799624accc5750.exe	42
PID 1192 wrote to memory of 2880	1192	NEAS.f4d3c1268808e02111799624accc5750.exe	43
PID 1192 wrote to memory of 2880	1192	NEAS.f4d3c1268808e02111799624accc5750.exe	43
PID 1192 wrote to memory of 2880	1192	NEAS.f4d3c1268808e02111799624accc5750.exe	43
PID 1192 wrote to memory of 2880	1192	NEAS.f4d3c1268808e02111799624accc5750.exe	43

C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        9⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        10⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        9⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        9⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        10⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        9⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        9⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        9⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        9⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        9⤵
        
        PID:16444
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:15508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        9⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:14884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:16044
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14388
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:11420
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:12036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:12612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:15572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:12044
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14420
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:12644
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:13256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:12704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:11476
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:10816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:10736
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:16020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:12052
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:13040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:11908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:14548
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:12664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:14156
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:12580
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:12768
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:14204
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:13296
- C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        9⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        8⤵
        
        PID:14436
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:15628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:11916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:10428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:12484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:15636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:11388
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:12516
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:15540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:10680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:12944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:15980
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:12524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:14796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:13280
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:15652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:11996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:10244
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:11300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:12976
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:16408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:14132
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:15612
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:11932
- C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        7⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:11964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:13248
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:11460
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:13024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:11976
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:15548
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:15532
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:7512
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:12532
- C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:15252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:12496
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        6⤵
        
        PID:14716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:10568
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:10668
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:13240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:11984
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:15644
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:14812
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:7900
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:13268
- C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2884
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:9008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:16036
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:14012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:14780
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:14020
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:7436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:11900
- C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
  2⤵
  PID:1200
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
        5⤵
        
        PID:12816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:13912
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:11940
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:11484
- C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
  2⤵
  PID:3440
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
      4⤵
      PID:14428
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:8636
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:15604
- C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
  2⤵
  PID:5080
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:11452
- C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
  2⤵
  PID:8084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
    3⤵
    PID:14404
- C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f4d3c1268808e02111799624accc5750.exe"
  2⤵
  PID:13288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\british hardcore horse [free] femdom .avi.exe

Filesize
624KB

MD5
c7468dd3e78346e9a3d16b2923bf55b2

SHA1
05df75a991b442057877d05b6c8e74c14e6598de

SHA256
b431f96e6d9be8891f1a0411a2f02fdcdee3c317f5ee92b909bb50d6e6ed4406

SHA512
b1f27ef0fc5e943fbad3c402cab9f67bcbdd6d665e0706ab989f6ab4320453a97dfbf978126322a94fdc465a11be5a7b0c0ade48a333ece0e09cf274fe85a376

Download Submit
memory/524-73-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/792-78-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/824-115-0x00000000047B0000-0x00000000047CF000-memory.dmp

Filesize
124KB

Download
memory/824-81-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/836-67-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/940-117-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1068-103-0x00000000047D0000-0x00000000047EF000-memory.dmp

Filesize
124KB

Download
memory/1068-76-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1148-108-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1192-89-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1192-58-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1276-96-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1276-87-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1444-84-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1576-105-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1604-74-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1720-116-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1832-66-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1888-61-0x0000000005060000-0x000000000507F000-memory.dmp

Filesize
124KB

Download
memory/1888-91-0x0000000005060000-0x000000000507F000-memory.dmp

Filesize
124KB

Download
memory/1888-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1888-56-0x0000000004EC0000-0x0000000004EDF000-memory.dmp

Filesize
124KB

Download
memory/1888-49-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1948-97-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1948-101-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1952-110-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1972-99-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1972-94-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1976-98-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1988-88-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1992-93-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1992-62-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2052-60-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2088-85-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2120-53-0x0000000004810000-0x000000000482F000-memory.dmp

Filesize
124KB

Download
memory/2120-4-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2120-57-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2120-92-0x0000000004820000-0x000000000483F000-memory.dmp

Filesize
124KB

Download
memory/2120-100-0x0000000004820000-0x000000000483F000-memory.dmp

Filesize
124KB

Download
memory/2204-82-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2220-83-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2360-104-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2360-77-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2444-80-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2520-90-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2520-59-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2628-112-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2700-69-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2748-54-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2780-68-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2852-70-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2852-118-0x0000000004A50000-0x0000000004A6F000-memory.dmp

Filesize
124KB

Download
memory/2864-71-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2880-72-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2884-106-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2884-75-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2912-86-0x0000000004A50000-0x0000000004A6F000-memory.dmp

Filesize
124KB

Download
memory/2912-64-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2924-65-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2956-95-0x0000000004920000-0x000000000493F000-memory.dmp

Filesize
124KB

Download
memory/2956-55-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2968-111-0x00000000047B0000-0x00000000047CF000-memory.dmp

Filesize
124KB

Download
memory/2968-79-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3040-109-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download