cb05d1cddffbf6dcc5ce30dcd034ecfedd1fef3057bdc43a4bba8768471d1a1e

Analysis

max time kernel
190s
max time network
149s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21/10/2023, 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
Size

965KB
MD5

441829e746999d7584cdaeb93a1b8ae0
SHA1

8307a180132d6ae9478f01de51272e64d7116b71
SHA256

cb05d1cddffbf6dcc5ce30dcd034ecfedd1fef3057bdc43a4bba8768471d1a1e
SHA512

f52c8d7e98a8aa0f929813243e21a34faefe0b1ed7d425d8f6c43909fabeed451b42f59a04287fa3670a7a748e6f083b8e99135ccff0882a7b3875a24a937b2c
SSDEEP

24576:bSL73ohDPyj11srDciy//3Ih7IUqOfCZD6LIb4r5:bHtogXSgh7IUduDOU4V

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2712-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x002d000000013381-5.dat	upx
behavioral1/memory/2712-8-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2756-12-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2276-15-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3040-18-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2756-20-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3016-22-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2276-23-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\O:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\U:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\Q:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\S:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\Z:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\E:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\H:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\J:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\N:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\W:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\A:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\L:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\P:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\R:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\T:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\V:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\X:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\Y:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\B:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\G:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\K:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File opened (read-only)	\??\M:	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\swedish horse [free] nipples lady .zip.exe	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File created	C:\Program Files\Windows Journal\Templates\american lingerie fetish catfight feet .rar.exe	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\american sperm catfight .rar.exe	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\malaysia bukkake licking vagina gorgeoushorny .rar.exe	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\beastiality beast big vagina YEâPSè& .rar.exe	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\french bukkake sleeping redhair (Liz,Tatjana).avi.exe	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2276	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
3040	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2640	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2276	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2012	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2372	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2908	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
3040	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2896	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2640	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2276	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2912	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
3016	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2880	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
1320	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
1212	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2212	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2012	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2372	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
3040	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
376	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
3036	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
524	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2908	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2640	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2276	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
3012	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2188	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
1740	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2340	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
528	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2956	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2012	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2372	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
1104	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
1104	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
1632	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
3040	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
1632	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
3040	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
1476	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
1476	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2640	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2640	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
1876	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
1876	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
1876	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2756	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	29
PID 2712 wrote to memory of 2756	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	29
PID 2712 wrote to memory of 2756	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	29
PID 2712 wrote to memory of 2756	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	29
PID 2756 wrote to memory of 2636	2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	31
PID 2756 wrote to memory of 2636	2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	31
PID 2756 wrote to memory of 2636	2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	31
PID 2756 wrote to memory of 2636	2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	31
PID 2712 wrote to memory of 2276	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	30
PID 2712 wrote to memory of 2276	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	30
PID 2712 wrote to memory of 2276	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	30
PID 2712 wrote to memory of 2276	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	30
PID 2636 wrote to memory of 3040	2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	32
PID 2636 wrote to memory of 3040	2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	32
PID 2636 wrote to memory of 3040	2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	32
PID 2636 wrote to memory of 3040	2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	32
PID 2756 wrote to memory of 2640	2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	35
PID 2756 wrote to memory of 2640	2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	35
PID 2756 wrote to memory of 2640	2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	35
PID 2756 wrote to memory of 2640	2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	35
PID 2276 wrote to memory of 2372	2276	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	34
PID 2276 wrote to memory of 2372	2276	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	34
PID 2276 wrote to memory of 2372	2276	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	34
PID 2276 wrote to memory of 2372	2276	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	34
PID 2712 wrote to memory of 2012	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	33
PID 2712 wrote to memory of 2012	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	33
PID 2712 wrote to memory of 2012	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	33
PID 2712 wrote to memory of 2012	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	33
PID 3040 wrote to memory of 2908	3040	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	43
PID 3040 wrote to memory of 2908	3040	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	43
PID 3040 wrote to memory of 2908	3040	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	43
PID 3040 wrote to memory of 2908	3040	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	43
PID 2756 wrote to memory of 2896	2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	42
PID 2756 wrote to memory of 2896	2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	42
PID 2756 wrote to memory of 2896	2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	42
PID 2756 wrote to memory of 2896	2756	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	42
PID 2640 wrote to memory of 2912	2640	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	41
PID 2640 wrote to memory of 2912	2640	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	41
PID 2640 wrote to memory of 2912	2640	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	41
PID 2640 wrote to memory of 2912	2640	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	41
PID 2276 wrote to memory of 2880	2276	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	40
PID 2276 wrote to memory of 2880	2276	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	40
PID 2276 wrote to memory of 2880	2276	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	40
PID 2276 wrote to memory of 2880	2276	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	40
PID 2636 wrote to memory of 3016	2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	36
PID 2636 wrote to memory of 3016	2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	36
PID 2636 wrote to memory of 3016	2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	36
PID 2636 wrote to memory of 3016	2636	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	36
PID 2012 wrote to memory of 1212	2012	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	39
PID 2012 wrote to memory of 1212	2012	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	39
PID 2012 wrote to memory of 1212	2012	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	39
PID 2012 wrote to memory of 1212	2012	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	39
PID 2712 wrote to memory of 1320	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	38
PID 2712 wrote to memory of 1320	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	38
PID 2712 wrote to memory of 1320	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	38
PID 2712 wrote to memory of 1320	2712	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	38
PID 2372 wrote to memory of 2212	2372	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	37
PID 2372 wrote to memory of 2212	2372	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	37
PID 2372 wrote to memory of 2212	2372	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	37
PID 2372 wrote to memory of 2212	2372	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	37
PID 3040 wrote to memory of 524	3040	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	44
PID 3040 wrote to memory of 524	3040	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	44
PID 3040 wrote to memory of 524	3040	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	44
PID 3040 wrote to memory of 524	3040	NEAS.441829e746999d7584cdaeb93a1b8ae0.exe	44

C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        9⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        9⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        8⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        8⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        8⤵
        
        PID:18388
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        8⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        8⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        8⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        8⤵
        
        PID:18284
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        8⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:14152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:10808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:14276
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:11756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:14252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:13848
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:13112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:14188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:17884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:13056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:13840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:18236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:14084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:14076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:14284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:14108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:18268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:4772
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:18372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:18604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:7516
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:13064
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:12924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:13104
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:6276
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:10880
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:18428
- C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2276
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:13092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:10948
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:17144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:13864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:18292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:10428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:14292
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:17868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:11008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:18364
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:14116
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:14004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:18356
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:12240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:13144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:13120
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:10924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:6284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:10792
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:18412
- C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2012
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:17876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:10316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:11828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:17860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:14236
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        7⤵
        
        PID:18252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        6⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:10664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:14028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:12904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:6896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:10992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:18404
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:13136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:12960
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:14012
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:4504
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:6716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:10932
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:18380
- C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:18420
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:8556
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:14168
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:4528
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:6708
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:11748
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:17852
- C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
        5⤵
        
        PID:18396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:12936
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:17772
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:4760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:7064
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:14260
- C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
  2⤵
  PID:1144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
      4⤵
      PID:13856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:5972
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:8092
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:14044
- C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
  2⤵
  PID:3288
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:5820
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:10648
- - C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
    3⤵
    PID:14060
- C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
  2⤵
  PID:4224
- C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
  2⤵
  PID:6668
- C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.441829e746999d7584cdaeb93a1b8ae0.exe"
  2⤵
  PID:10856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\american sperm catfight .rar.exe

Filesize
1.8MB

MD5
54e8a43311cad5135950b15f452a618d

SHA1
a4740b9ea27a01ce98742ea0a5c3bddca4443387

SHA256
28c189e22c3af0dc0b8ce149a1773244a17063a3cc2d7b2f61da05a211a000e7

SHA512
ecf3a2c6fecfc79ecdc410fd8c6a188a1538947c107747183f296fcf44df510e6ed91c6922c54c25b91e76a4eb1eed810df1e8baf485f41c8cdf2b55efd1441f

Download Submit
memory/2276-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2276-23-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2636-17-0x00000000047B0000-0x00000000047CD000-memory.dmp

Filesize
116KB

Download
memory/2712-11-0x0000000004BD0000-0x0000000004BED000-memory.dmp

Filesize
116KB

Download
memory/2712-16-0x00000000053F0000-0x000000000540D000-memory.dmp

Filesize
116KB

Download
memory/2712-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2712-19-0x0000000004BD0000-0x0000000004BED000-memory.dmp

Filesize
116KB

Download
memory/2712-8-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2756-12-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2756-14-0x0000000004900000-0x000000000491D000-memory.dmp

Filesize
116KB

Download
memory/2756-20-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2756-21-0x0000000004900000-0x000000000491D000-memory.dmp

Filesize
116KB

Download
memory/3016-22-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3040-18-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download