3c9e7c4d6270ad875afea4f926f276efb7969c927eb3534379d36bc2e1cafe78

Analysis

max time kernel
37s
max time network
137s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21-10-2023 21:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.eefdbc6661905754725e3f3e4e035510.exe
Size

1.1MB
MD5

eefdbc6661905754725e3f3e4e035510
SHA1

5230397ea8b1269a97f43c4184b7a76536912811
SHA256

3c9e7c4d6270ad875afea4f926f276efb7969c927eb3534379d36bc2e1cafe78
SHA512

05595d6cfc4b211db118630e61dc7baf916842bf938523b3cf0b4d2f6cbbd7b5ed8768d95c90f58cc8896606d951c5a6e97b932232486556616c71a37514659b
SSDEEP

24576:xnUG6a9GSHtBkgsrKftWQtVbOCTy1m7Ej0WchG6XI:FskGS7k7KVWQtV6E7/WchG6Y

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 37 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2280-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x000700000001560f-5.dat	upx
behavioral1/memory/2280-10-0x0000000004C90000-0x0000000004CAD000-memory.dmp	upx
behavioral1/memory/2700-11-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2700-54-0x00000000020C0000-0x00000000020DD000-memory.dmp	upx
behavioral1/memory/2572-55-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1740-57-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2280-58-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1868-67-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2700-65-0x0000000004610000-0x000000000462D000-memory.dmp	upx
behavioral1/memory/2800-70-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2700-69-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2756-71-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2792-73-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2012-92-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2572-93-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1740-95-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1956-96-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1648-99-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/592-98-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1472-101-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1868-102-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2800-103-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/788-104-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2280-105-0x0000000004FF0000-0x000000000500D000-memory.dmp	upx
behavioral1/memory/2012-106-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2384-107-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1956-112-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1972-114-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/592-116-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1648-117-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2768-119-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1584-120-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2036-121-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1732-124-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/788-123-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2320-125-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.eefdbc6661905754725e3f3e4e035510.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\W:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\B:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\H:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\N:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\P:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\U:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\Y:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\I:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\O:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\R:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\S:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\X:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\M:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\T:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\Z:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\A:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\G:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\J:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\K:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\L:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\E:	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File opened (read-only)	\??\Q:	NEAS.eefdbc6661905754725e3f3e4e035510.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish horse lingerie lesbian bedroom .mpeg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob licking traffic (Jenna,Karin).rar.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\System32\DriverStore\Temp\american cum blowjob [milf] hole shoes .avi.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\SysWOW64\FxsTmp\spanish lesbian lesbian glans .mpeg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\SysWOW64\IME\shared\swedish handjob trambling uncut shower .zip.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\fucking big hole swallow (Samantha).avi.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\swedish cumshot horse girls .zip.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\italian horse fucking [free] feet black hairunshaved .mpeg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\bukkake hot (!) (Sarah).mpg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files\Windows Journal\Templates\blowjob voyeur latex (Jenna,Sylvia).zip.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\swedish action bukkake public feet wifey .mpg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\swedish animal lingerie girls (Sylvia).zip.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\japanese animal sperm full movie cock pregnant .rar.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\horse licking hole girly (Melissa).zip.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast lesbian .mpeg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files\Common Files\Microsoft Shared\lesbian hidden titts redhair .avi.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files\DVD Maker\Shared\brasilian gang bang beast masturbation (Janette).mpeg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files (x86)\Google\Temp\sperm hot (!) shoes .avi.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files (x86)\Google\Update\Download\blowjob [milf] .mpg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish nude trambling voyeur glans 40+ .avi.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american fetish blowjob big mistress .mpeg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black nude fucking girls hole .rar.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\japanese nude gay masturbation feet .mpeg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\trambling public circumcision .rar.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\swedish action trambling uncut stockings .rar.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish nude sperm hot (!) fishy .mpg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish horse sperm masturbation black hairunshaved .mpeg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese horse trambling licking .rar.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\fucking [free] .zip.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\temp\sperm licking glans (Sonja,Tatjana).zip.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\fucking hot (!) hairy .zip.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\mssrv.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\tyrkish fetish blowjob [free] stockings .mpg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\sperm masturbation tÛ .mpg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\brasilian kicking horse full movie granny .mpg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fucking big cock (Britney,Melissa).rar.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\american kicking gay public (Tatjana).mpg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\black beastiality sperm big shower .mpg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\tmp\fucking licking cock .mpeg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\russian beastiality horse hot (!) feet redhair (Sylvia).zip.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\security\templates\bukkake full movie gorgeoushorny .avi.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\lingerie full movie .zip.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\trambling public hole young .mpeg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\SoftwareDistribution\Download\blowjob full movie beautyfull .zip.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\brasilian horse xxx several models glans .mpeg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\russian nude blowjob full movie titts mistress (Karin).mpg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\indian nude fucking hot (!) glans penetration (Sarah).mpg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\brasilian cumshot lesbian girls titts 40+ (Melissa).avi.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\PLA\Templates\swedish action beast sleeping glans upskirt .mpeg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\sperm [free] hairy .mpeg.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\Downloaded Program Files\brasilian kicking blowjob full movie hole .rar.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\indian cum xxx several models glans circumcision (Sylvia).zip.exe	NEAS.eefdbc6661905754725e3f3e4e035510.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2572	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1740	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1868	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2800	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2756	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1740	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2792	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2572	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2012	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1956	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1868	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1472	NEAS.eefdbc6661905754725e3f3e4e035510.exe
592	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2800	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2756	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1740	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1648	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2928	NEAS.eefdbc6661905754725e3f3e4e035510.exe
788	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2384	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2792	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2572	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1972	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2768	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1956	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1584	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2036	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1868	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2012	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1732	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2800	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2320	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1304	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1740	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2756	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1132	NEAS.eefdbc6661905754725e3f3e4e035510.exe
592	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1472	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1688	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1648	NEAS.eefdbc6661905754725e3f3e4e035510.exe
940	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1996	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1992	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2792	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2928	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2572	NEAS.eefdbc6661905754725e3f3e4e035510.exe
788	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2396	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1492	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2164	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2324	NEAS.eefdbc6661905754725e3f3e4e035510.exe
2384	NEAS.eefdbc6661905754725e3f3e4e035510.exe
1532	NEAS.eefdbc6661905754725e3f3e4e035510.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2700	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	28
PID 2280 wrote to memory of 2700	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	28
PID 2280 wrote to memory of 2700	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	28
PID 2280 wrote to memory of 2700	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	28
PID 2700 wrote to memory of 2572	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	29
PID 2700 wrote to memory of 2572	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	29
PID 2700 wrote to memory of 2572	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	29
PID 2700 wrote to memory of 2572	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	29
PID 2280 wrote to memory of 1740	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	30
PID 2280 wrote to memory of 1740	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	30
PID 2280 wrote to memory of 1740	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	30
PID 2280 wrote to memory of 1740	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	30
PID 2700 wrote to memory of 1868	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	31
PID 2700 wrote to memory of 1868	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	31
PID 2700 wrote to memory of 1868	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	31
PID 2700 wrote to memory of 1868	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	31
PID 2572 wrote to memory of 2800	2572	NEAS.eefdbc6661905754725e3f3e4e035510.exe	32
PID 2572 wrote to memory of 2800	2572	NEAS.eefdbc6661905754725e3f3e4e035510.exe	32
PID 2572 wrote to memory of 2800	2572	NEAS.eefdbc6661905754725e3f3e4e035510.exe	32
PID 2572 wrote to memory of 2800	2572	NEAS.eefdbc6661905754725e3f3e4e035510.exe	32
PID 1740 wrote to memory of 2756	1740	NEAS.eefdbc6661905754725e3f3e4e035510.exe	34
PID 1740 wrote to memory of 2756	1740	NEAS.eefdbc6661905754725e3f3e4e035510.exe	34
PID 1740 wrote to memory of 2756	1740	NEAS.eefdbc6661905754725e3f3e4e035510.exe	34
PID 1740 wrote to memory of 2756	1740	NEAS.eefdbc6661905754725e3f3e4e035510.exe	34
PID 2280 wrote to memory of 2792	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	33
PID 2280 wrote to memory of 2792	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	33
PID 2280 wrote to memory of 2792	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	33
PID 2280 wrote to memory of 2792	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	33
PID 2700 wrote to memory of 2012	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	35
PID 2700 wrote to memory of 2012	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	35
PID 2700 wrote to memory of 2012	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	35
PID 2700 wrote to memory of 2012	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	35
PID 1868 wrote to memory of 1956	1868	NEAS.eefdbc6661905754725e3f3e4e035510.exe	36
PID 1868 wrote to memory of 1956	1868	NEAS.eefdbc6661905754725e3f3e4e035510.exe	36
PID 1868 wrote to memory of 1956	1868	NEAS.eefdbc6661905754725e3f3e4e035510.exe	36
PID 1868 wrote to memory of 1956	1868	NEAS.eefdbc6661905754725e3f3e4e035510.exe	36
PID 2800 wrote to memory of 1472	2800	NEAS.eefdbc6661905754725e3f3e4e035510.exe	37
PID 2800 wrote to memory of 1472	2800	NEAS.eefdbc6661905754725e3f3e4e035510.exe	37
PID 2800 wrote to memory of 1472	2800	NEAS.eefdbc6661905754725e3f3e4e035510.exe	37
PID 2800 wrote to memory of 1472	2800	NEAS.eefdbc6661905754725e3f3e4e035510.exe	37
PID 1740 wrote to memory of 592	1740	NEAS.eefdbc6661905754725e3f3e4e035510.exe	39
PID 1740 wrote to memory of 592	1740	NEAS.eefdbc6661905754725e3f3e4e035510.exe	39
PID 1740 wrote to memory of 592	1740	NEAS.eefdbc6661905754725e3f3e4e035510.exe	39
PID 1740 wrote to memory of 592	1740	NEAS.eefdbc6661905754725e3f3e4e035510.exe	39
PID 2756 wrote to memory of 1648	2756	NEAS.eefdbc6661905754725e3f3e4e035510.exe	38
PID 2756 wrote to memory of 1648	2756	NEAS.eefdbc6661905754725e3f3e4e035510.exe	38
PID 2756 wrote to memory of 1648	2756	NEAS.eefdbc6661905754725e3f3e4e035510.exe	38
PID 2756 wrote to memory of 1648	2756	NEAS.eefdbc6661905754725e3f3e4e035510.exe	38
PID 2572 wrote to memory of 788	2572	NEAS.eefdbc6661905754725e3f3e4e035510.exe	40
PID 2572 wrote to memory of 788	2572	NEAS.eefdbc6661905754725e3f3e4e035510.exe	40
PID 2572 wrote to memory of 788	2572	NEAS.eefdbc6661905754725e3f3e4e035510.exe	40
PID 2572 wrote to memory of 788	2572	NEAS.eefdbc6661905754725e3f3e4e035510.exe	40
PID 2280 wrote to memory of 2928	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	41
PID 2280 wrote to memory of 2928	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	41
PID 2280 wrote to memory of 2928	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	41
PID 2280 wrote to memory of 2928	2280	NEAS.eefdbc6661905754725e3f3e4e035510.exe	41
PID 2792 wrote to memory of 2384	2792	NEAS.eefdbc6661905754725e3f3e4e035510.exe	42
PID 2792 wrote to memory of 2384	2792	NEAS.eefdbc6661905754725e3f3e4e035510.exe	42
PID 2792 wrote to memory of 2384	2792	NEAS.eefdbc6661905754725e3f3e4e035510.exe	42
PID 2792 wrote to memory of 2384	2792	NEAS.eefdbc6661905754725e3f3e4e035510.exe	42
PID 2700 wrote to memory of 2768	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	43
PID 2700 wrote to memory of 2768	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	43
PID 2700 wrote to memory of 2768	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	43
PID 2700 wrote to memory of 2768	2700	NEAS.eefdbc6661905754725e3f3e4e035510.exe	43

C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        8⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        9⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        8⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        8⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        8⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        8⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:9968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:9408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:8024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:8892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:9480
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        8⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        8⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        8⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        8⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:9472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:9024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:8116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:9016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:8556
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:8656
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:7800
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:9096
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:10944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:7436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:8344
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:7020
- C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        8⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:12152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:8632
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        7⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:8108
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:9716
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:8804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:1784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:7516
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:9504
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:8124
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:6848
- C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        6⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:10992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:7940
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:7052
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:7460
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:7428
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:5788
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:9904
- C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:7452
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:7584
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:7524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:12112
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:7892
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:836
- C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
        5⤵
        
        PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:1296
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:7036
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:5636
- C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
  2⤵
  PID:2988
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
      4⤵
      PID:8524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:6824
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:12216
- C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
  2⤵
  PID:3660
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:8968
- C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
  2⤵
  PID:6040
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eefdbc6661905754725e3f3e4e035510.exe"
    3⤵
    PID:9000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\danish nude trambling voyeur glans 40+ .avi.exe

Filesize
920KB

MD5
7706ba9a623bfa92de3403c24abb429d

SHA1
bf11900db823d2995db8de5fdc7422412c0ead91

SHA256
00163df1c43ca85d5b435d80251a11f3211dfe2266dc23204c1627e4960ca210

SHA512
7fc6e776965c9e7ec89a076847b95de9972704f517af9c63ccfc53c4e0e2e7a13b0e2845ea3252b0502a99e5a15a80d15bb35811b51f4398d27539c66b5079c0

Download Submit
memory/592-116-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/592-98-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/788-104-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/788-123-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1472-101-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1584-120-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1648-117-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1648-99-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1732-124-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1740-72-0x0000000001E60000-0x0000000001E7D000-memory.dmp

Filesize
116KB

Download
memory/1740-95-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1740-57-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1868-67-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1868-102-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1956-112-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1956-115-0x0000000000740000-0x000000000075D000-memory.dmp

Filesize
116KB

Download
memory/1956-96-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1972-114-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2012-118-0x00000000047D0000-0x00000000047ED000-memory.dmp

Filesize
116KB

Download
memory/2012-106-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2012-92-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2036-121-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2280-58-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2280-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2280-66-0x0000000004C90000-0x0000000004CAD000-memory.dmp

Filesize
116KB

Download
memory/2280-94-0x0000000004C90000-0x0000000004CAD000-memory.dmp

Filesize
116KB

Download
memory/2280-56-0x0000000004C90000-0x0000000004CAD000-memory.dmp

Filesize
116KB

Download
memory/2280-105-0x0000000004FF0000-0x000000000500D000-memory.dmp

Filesize
116KB

Download
memory/2280-10-0x0000000004C90000-0x0000000004CAD000-memory.dmp

Filesize
116KB

Download
memory/2320-125-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2384-107-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2572-55-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2572-93-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2700-65-0x0000000004610000-0x000000000462D000-memory.dmp

Filesize
116KB

Download
memory/2700-100-0x0000000004610000-0x000000000462D000-memory.dmp

Filesize
116KB

Download
memory/2700-69-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2700-54-0x00000000020C0000-0x00000000020DD000-memory.dmp

Filesize
116KB

Download
memory/2700-11-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2756-71-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2768-119-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2792-73-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2800-113-0x00000000047D0000-0x00000000047ED000-memory.dmp

Filesize
116KB

Download
memory/2800-103-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2800-97-0x00000000047D0000-0x00000000047ED000-memory.dmp

Filesize
116KB

Download
memory/2800-122-0x00000000047D0000-0x00000000047ED000-memory.dmp

Filesize
116KB

Download
memory/2800-70-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download