46c655f3d52ed7a182a351068bdb8bb14a67fbb7c9ba9bdd731c7ea62c999ac8

Analysis

max time kernel
22s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21-10-2023 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
Size

1.5MB
MD5

3e03f821d8686af6abf4f0773c0596f0
SHA1

07030045071a51a4b83776a99a49abcc9cbcb0c3
SHA256

46c655f3d52ed7a182a351068bdb8bb14a67fbb7c9ba9bdd731c7ea62c999ac8
SHA512

26716625e80600bf68e2e1e2a3689aa17e6dd034ecf587218486b29c9ac399eae5a3f30b5346f1b57bfdbbf236defd3b9bde9efa5dfe0fdf1559342e5997ced5
SSDEEP

24576:A8zG+wNfMgq4j9D9vF6tb/IxeLjmWq/8h1l1jE3sCV9eWB1QZ/0h/Z6sbs05Js7i:A+G+wRNlhH65I8L6f8h1Djye2WZcfMKD

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1364-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/files/0x0008000000015ecd-5.dat	upx
behavioral1/memory/1676-32-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1364-64-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2108-66-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2404-67-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1676-69-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1364-70-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2136-72-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\L:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\P:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\W:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\Y:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\A:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\K:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\M:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\Q:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\T:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\E:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\R:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\V:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\X:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\Z:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\N:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\H:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\I:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\J:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\O:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\S:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\U:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File opened (read-only)	\??\B:	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\bukkake masturbation upskirt .avi.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian kicking xxx public ejaculation .mpg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\System32\DriverStore\Temp\italian porn fucking hot (!) ash .mpeg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\brasilian porn trambling lesbian hole sweet (Samantha).rar.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files\DVD Maker\Shared\beast [free] traffic .avi.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian kicking fucking [bangbus] cock .mpg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian handjob horse [free] (Tatjana).mpeg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\swedish gang bang beast catfight .mpeg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\tyrkish gang bang lingerie licking fishy .avi.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\african hardcore catfight hole .avi.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\trambling big lady .rar.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files (x86)\Google\Temp\blowjob [milf] cock .mpg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files (x86)\Google\Update\Download\hardcore [free] (Curtney).avi.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\russian handjob beast lesbian cock YEâPSè& .rar.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\indian gang bang lingerie public hole .avi.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files\Windows Journal\Templates\indian animal lesbian [free] latex .zip.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\danish horse gay licking cock .zip.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\black gang bang horse full movie cock (Sonja,Jade).rar.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\beast catfight hole fishy .mpg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian animal bukkake catfight glans swallow .mpg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\indian horse beast [free] .avi.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\hardcore [bangbus] blondie .avi.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\sperm [free] feet .rar.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\trambling several models titts ejaculation .mpeg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\american handjob gay sleeping titts .mpeg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\fucking hidden .mpeg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\temp\italian fetish trambling sleeping .mpg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\SoftwareDistribution\Download\brasilian beastiality lesbian catfight (Melissa).zip.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\mssrv.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\tmp\black fetish beast full movie girly .mpg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\swedish action lingerie masturbation titts .zip.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse [free] cock .mpg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\hardcore sleeping titts 40+ (Sylvia).zip.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\lingerie hidden cock granny .zip.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\brasilian fetish blowjob catfight shoes .rar.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese action lingerie full movie titts lady .avi.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\xxx masturbation .zip.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\Downloaded Program Files\fucking big hole 50+ (Curtney).rar.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\PLA\Templates\russian handjob trambling catfight glans gorgeoushorny (Sylvia).zip.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\security\templates\indian cumshot fucking big (Melissa).mpeg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish action bukkake masturbation hole shower .zip.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx lesbian cock hotel .avi.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian gang bang xxx uncut young .mpg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\danish porn gay uncut glans young .mpeg.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\bukkake big feet .rar.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\russian beastiality lesbian [milf] bedroom .rar.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie uncut hole girly .rar.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\hardcore several models blondie .avi.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay full movie feet swallow .avi.exe	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2108	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2404	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2136	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2404	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2028	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2108	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2484	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1328	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2036	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2136	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1896	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
672	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2404	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1228	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
536	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2108	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
268	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
592	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
436	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2028	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2484	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1328	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2916	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2956	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2036	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2136	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1692	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1896	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
908	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2404	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1228	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1776	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2124	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
672	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2300	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1704	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
3012	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2108	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2896	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1892	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
296	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
536	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2028	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
3032	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
1328	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2484	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
2488	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
268	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
716	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
592	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
436	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
436	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 1676	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	28
PID 1364 wrote to memory of 1676	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	28
PID 1364 wrote to memory of 1676	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	28
PID 1364 wrote to memory of 1676	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	28
PID 1676 wrote to memory of 2108	1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	29
PID 1676 wrote to memory of 2108	1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	29
PID 1676 wrote to memory of 2108	1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	29
PID 1676 wrote to memory of 2108	1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	29
PID 1364 wrote to memory of 2404	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	30
PID 1364 wrote to memory of 2404	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	30
PID 1364 wrote to memory of 2404	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	30
PID 1364 wrote to memory of 2404	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	30
PID 2404 wrote to memory of 2136	2404	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	32
PID 2404 wrote to memory of 2136	2404	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	32
PID 2404 wrote to memory of 2136	2404	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	32
PID 2404 wrote to memory of 2136	2404	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	32
PID 2108 wrote to memory of 2028	2108	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	31
PID 2108 wrote to memory of 2028	2108	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	31
PID 2108 wrote to memory of 2028	2108	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	31
PID 2108 wrote to memory of 2028	2108	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	31
PID 1364 wrote to memory of 2484	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	33
PID 1364 wrote to memory of 2484	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	33
PID 1364 wrote to memory of 2484	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	33
PID 1364 wrote to memory of 2484	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	33
PID 1676 wrote to memory of 1328	1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	34
PID 1676 wrote to memory of 1328	1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	34
PID 1676 wrote to memory of 1328	1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	34
PID 1676 wrote to memory of 1328	1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	34
PID 2136 wrote to memory of 2036	2136	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	35
PID 2136 wrote to memory of 2036	2136	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	35
PID 2136 wrote to memory of 2036	2136	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	35
PID 2136 wrote to memory of 2036	2136	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	35
PID 2404 wrote to memory of 1896	2404	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	36
PID 2404 wrote to memory of 1896	2404	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	36
PID 2404 wrote to memory of 1896	2404	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	36
PID 2404 wrote to memory of 1896	2404	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	36
PID 1364 wrote to memory of 672	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	37
PID 1364 wrote to memory of 672	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	37
PID 1364 wrote to memory of 672	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	37
PID 1364 wrote to memory of 672	1364	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	37
PID 2108 wrote to memory of 1228	2108	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	38
PID 2108 wrote to memory of 1228	2108	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	38
PID 2108 wrote to memory of 1228	2108	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	38
PID 2108 wrote to memory of 1228	2108	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	38
PID 1676 wrote to memory of 536	1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	39
PID 1676 wrote to memory of 536	1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	39
PID 1676 wrote to memory of 536	1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	39
PID 1676 wrote to memory of 536	1676	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	39
PID 2028 wrote to memory of 268	2028	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	40
PID 2028 wrote to memory of 268	2028	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	40
PID 2028 wrote to memory of 268	2028	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	40
PID 2028 wrote to memory of 268	2028	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	40
PID 2484 wrote to memory of 592	2484	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	41
PID 2484 wrote to memory of 592	2484	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	41
PID 2484 wrote to memory of 592	2484	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	41
PID 2484 wrote to memory of 592	2484	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	41
PID 1328 wrote to memory of 436	1328	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	42
PID 1328 wrote to memory of 436	1328	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	42
PID 1328 wrote to memory of 436	1328	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	42
PID 1328 wrote to memory of 436	1328	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	42
PID 2036 wrote to memory of 2916	2036	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	44
PID 2036 wrote to memory of 2916	2036	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	44
PID 2036 wrote to memory of 2916	2036	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	44
PID 2036 wrote to memory of 2916	2036	NEAS.3e03f821d8686af6abf4f0773c0596f0.exe	44

C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1676
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        8⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        8⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        8⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        8⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:12584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:11316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:13136
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:436
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:13192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:12704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:13128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:11552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:13144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:12016
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:11328
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:13096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:13104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:13208
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:12044
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:12036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:7852
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:13088
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:5100
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:8592
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:13200
- C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2404
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        8⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:13248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:13304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:12028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:12084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        7⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:13216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:12680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:12644
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:13072
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:8600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:3604
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:10220
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:3856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:11140
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:4372
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:6988
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:13120
- C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2484
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:7416
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:11276
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:11352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:13160
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:13152
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:11596
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:5464
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:8624
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:13256
- C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        6⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:11336
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
        5⤵
        
        PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:12008
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:11996
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:5024
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:8632
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:12924
- C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
      4⤵
      PID:4524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:3892
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:6096
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:12696
- C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
  2⤵
  PID:1396
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:4264
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:6980
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:12688
- C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
  2⤵
  PID:3596
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
    3⤵
    PID:3232
- C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
  2⤵
  PID:5032
- C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
  2⤵
  PID:8616
- C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3e03f821d8686af6abf4f0773c0596f0.exe"
  2⤵
  PID:12884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\russian kicking fucking [bangbus] cock .mpg.exe

Filesize
2.0MB

MD5
0db1d2e92db6ec9c72e7ac385aee7c08

SHA1
ea1900be9b9d17c3618b01fefe744ee573ac8991

SHA256
28ee30f3b88226404726cb5365c7ef144755624e87666d9c69b3b195479f38a6

SHA512
d9b4b638c5cbef8bafc6501692b6ef8245f5141cfde0e390629e9fa77bd7bb81fde73c8de856b013e9922d2a431f69be3d571c5fb2baad190630cc52c56baeea

Download Submit
memory/1364-68-0x00000000048C0000-0x00000000048DC000-memory.dmp

Filesize
112KB

Download
memory/1364-31-0x00000000048C0000-0x00000000048DC000-memory.dmp

Filesize
112KB

Download
memory/1364-70-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1364-64-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1364-65-0x00000000048D0000-0x00000000048EC000-memory.dmp

Filesize
112KB

Download
memory/1364-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1676-69-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1676-32-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2108-66-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2136-72-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2404-67-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2404-71-0x00000000047C0000-0x00000000047DC000-memory.dmp

Filesize
112KB

Download