fb18eb16ee5955538a2e549714e53447d987a06ad46f643feee04a3ef8c0ab3e

Analysis

max time kernel
28s
max time network
130s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21-10-2023 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
Size

1.4MB
MD5

83bec8a588588a1ea9677c9789f24ff0
SHA1

26d57ac65332878e899750b68865c775e3e8cfa6
SHA256

fb18eb16ee5955538a2e549714e53447d987a06ad46f643feee04a3ef8c0ab3e
SHA512

7d22467cb9e6caed4a515d4d912e9a155311cd8aae9aa210cb9e9f8d629f85ada07d9f3d8c361ca7492e103d5ab13ea670720b67da8f396388a4b5c6919fddcc
SSDEEP

24576:A8jfzi+BT2D5ZfglN5XV+QM0CgKNXZ8MXLXVU9uNaGEobs5GoCdrIT+z:AAiI+0XUQM0ufg9uNd1MCrI4

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1668-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/files/0x0007000000015613-5.dat	upx
behavioral1/memory/2744-22-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1668-54-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2668-55-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2240-56-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/108-58-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2856-62-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2780-63-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1668-73-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1536-76-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1760-75-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2488-77-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1640-78-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/320-79-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2776-81-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1688-82-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/868-83-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2080-97-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/108-99-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1916-98-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3036-101-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3040-103-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2196-102-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1760-105-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2080-106-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2480-107-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3028-110-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3036-108-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2196-111-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2188-112-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2348-113-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2068-115-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2328-117-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1208-126-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/684-129-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1076-130-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1124-135-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2516-134-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1960-133-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1648-132-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1744-131-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2272-136-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1728-137-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2084-138-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3016-139-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3032-140-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/908-141-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1788-142-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/696-143-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2056-145-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\N:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\R:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\S:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\U:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\W:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\X:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\Y:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\B:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\H:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\I:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\J:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\Q:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\V:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\A:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\G:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\K:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\E:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\L:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\M:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\O:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\P:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\T:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\lesbian hidden cock sm (Sarah).avi.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian nude horse licking beautyfull .rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\System32\DriverStore\Temp\italian cumshot fucking sleeping feet .rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\SysWOW64\FxsTmp\horse public hole .mpeg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\danish kicking hardcore girls feet pregnant (Sylvia).rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian action sperm several models hole .zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\canadian horse several models cock boots (Janette).rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\SysWOW64\IME\shared\italian handjob xxx sleeping .rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish fetish fucking catfight glans blondie (Sylvia).zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian beastiality lingerie sleeping boots .zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\horse hot (!) .rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\hardcore [free] boots .zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\american beastiality bukkake masturbation granny .mpeg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files\DVD Maker\Shared\russian action hardcore licking redhair .mpeg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian action xxx full movie .rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\brasilian action horse licking YEâPSè& .avi.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\indian fetish hardcore lesbian titts mature .mpg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish horse bukkake full movie (Curtney).zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\fucking public stockings .zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files (x86)\Google\Temp\trambling hot (!) bondage (Sonja,Melissa).mpeg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files (x86)\Google\Update\Download\danish animal gay big (Sarah).zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\hardcore [milf] hole .rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\japanese beastiality gay licking .avi.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files\Windows Journal\Templates\black gang bang hardcore big granny .mpeg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\tyrkish porn blowjob [milf] (Samantha).mpeg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\sperm lesbian .rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lingerie hidden balls (Ashley,Jade).mpg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\mssrv.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\japanese beastiality gay licking penetration .rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese cumshot beast licking (Curtney).zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\swedish cum bukkake [milf] stockings .mpg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\beast sleeping bondage .mpeg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\indian nude lingerie hot (!) .mpg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\Downloaded Program Files\italian handjob blowjob sleeping titts .avi.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\bukkake catfight .rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\russian cumshot gay masturbation hole (Gina,Karin).zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\xxx hidden hairy (Sonja,Tatjana).rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american fetish hardcore lesbian (Liz).zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\japanese nude xxx uncut glans .mpg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\italian action sperm lesbian feet .rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\tmp\beast [bangbus] titts young .mpeg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\SoftwareDistribution\Download\tyrkish action trambling masturbation titts ìï .mpg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\italian handjob fucking [milf] titts .zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\swedish action lingerie sleeping feet .mpg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\security\templates\danish porn trambling voyeur cock .zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\lesbian hot (!) hole (Sandy,Melissa).mpeg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\danish action trambling hot (!) (Curtney).mpg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\horse masturbation lady .zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\fucking catfight cock beautyfull .mpg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\PLA\Templates\lesbian sleeping feet .avi.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm [free] 40+ .mpg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\russian beastiality lingerie hot (!) (Melissa).rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\assembly\temp\italian gang bang trambling hot (!) glans black hairunshaved (Karin).avi.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian action xxx girls YEâPSè& .rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\japanese fetish fucking [bangbus] penetration .zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\swedish fetish blowjob hidden beautyfull .rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 44 IoCs

pid	Process
1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2240	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
108	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1916	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2856	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2240	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2780	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1760	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
108	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1536	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1916	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2488	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1688	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2240	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2776	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1640	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
320	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2856	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
868	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2780	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2080	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
108	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2480	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1760	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
3036	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
3028	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1916	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
3040	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2196	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1536	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2240	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 2744	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	27
PID 1668 wrote to memory of 2744	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	27
PID 1668 wrote to memory of 2744	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	27
PID 1668 wrote to memory of 2744	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	27
PID 1668 wrote to memory of 2668	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	29
PID 1668 wrote to memory of 2668	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	29
PID 1668 wrote to memory of 2668	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	29
PID 1668 wrote to memory of 2668	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	29
PID 2744 wrote to memory of 2240	2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	28
PID 2744 wrote to memory of 2240	2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	28
PID 2744 wrote to memory of 2240	2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	28
PID 2744 wrote to memory of 2240	2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	28
PID 2668 wrote to memory of 1916	2668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	30
PID 2668 wrote to memory of 1916	2668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	30
PID 2668 wrote to memory of 1916	2668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	30
PID 2668 wrote to memory of 1916	2668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	30
PID 2240 wrote to memory of 108	2240	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	33
PID 2240 wrote to memory of 108	2240	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	33
PID 2240 wrote to memory of 108	2240	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	33
PID 2240 wrote to memory of 108	2240	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	33
PID 2744 wrote to memory of 2856	2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	32
PID 2744 wrote to memory of 2856	2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	32
PID 2744 wrote to memory of 2856	2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	32
PID 2744 wrote to memory of 2856	2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	32
PID 1668 wrote to memory of 2780	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	31
PID 1668 wrote to memory of 2780	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	31
PID 1668 wrote to memory of 2780	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	31
PID 1668 wrote to memory of 2780	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	31
PID 1916 wrote to memory of 1536	1916	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	34
PID 1916 wrote to memory of 1536	1916	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	34
PID 1916 wrote to memory of 1536	1916	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	34
PID 1916 wrote to memory of 1536	1916	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	34
PID 108 wrote to memory of 1760	108	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	35
PID 108 wrote to memory of 1760	108	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	35
PID 108 wrote to memory of 1760	108	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	35
PID 108 wrote to memory of 1760	108	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	35
PID 2744 wrote to memory of 2488	2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	41
PID 2744 wrote to memory of 2488	2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	41
PID 2744 wrote to memory of 2488	2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	41
PID 2744 wrote to memory of 2488	2744	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	41
PID 2668 wrote to memory of 1640	2668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	40
PID 2668 wrote to memory of 1640	2668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	40
PID 2668 wrote to memory of 1640	2668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	40
PID 2668 wrote to memory of 1640	2668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	40
PID 2240 wrote to memory of 1688	2240	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	39
PID 2240 wrote to memory of 1688	2240	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	39
PID 2240 wrote to memory of 1688	2240	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	39
PID 2240 wrote to memory of 1688	2240	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	39
PID 1668 wrote to memory of 320	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	36
PID 1668 wrote to memory of 320	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	36
PID 1668 wrote to memory of 320	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	36
PID 1668 wrote to memory of 320	1668	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	36
PID 2856 wrote to memory of 2776	2856	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	38
PID 2856 wrote to memory of 2776	2856	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	38
PID 2856 wrote to memory of 2776	2856	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	38
PID 2856 wrote to memory of 2776	2856	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	38
PID 2780 wrote to memory of 868	2780	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	37
PID 2780 wrote to memory of 868	2780	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	37
PID 2780 wrote to memory of 868	2780	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	37
PID 2780 wrote to memory of 868	2780	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	37
PID 108 wrote to memory of 2080	108	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	42
PID 108 wrote to memory of 2080	108	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	42
PID 108 wrote to memory of 2080	108	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	42
PID 108 wrote to memory of 2080	108	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	42

C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        9⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        10⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        9⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        9⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        9⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        9⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        9⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14704
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14168
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        9⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:15152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:15088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13912
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13432
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13480
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14848
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13116
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13816
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14664
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:12972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13440
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14488
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13028
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14272
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13228
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:13728
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14584
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13264
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14632
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14672
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14264
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14456
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14192
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14200
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:13544
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14280
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14384
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13688
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14464
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13584
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:944
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:14480
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14416
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14184
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:12988
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13384
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14008
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14136
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:14448
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:2188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:10880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14840
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:10904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:2704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:14792
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:15128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14768
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13140
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:9468
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:3324
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:12844
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:12916
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:4648
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:13824
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:6124
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:13648
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:8796
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:14248
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:13600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\fucking public stockings .zip.exe

Filesize
651KB

MD5
faabfb8809a7ead71044d6f230dc6717

SHA1
3b8e9e48d27770a7795730829ed1d4602c3df30e

SHA256
e2886b51fe4ea114ea06e46b79776660a72d7d6e01b554f326b0cd91d5b4b944

SHA512
4b5df7adb35507d2ade82a8d72ad23fcdca30b6a0f73694d248661dc0abbe663e38510e8558906d330cd5ad378a417594b5a7c0f9ff174b4ea4c01b58e7878d8

Download Submit
memory/108-58-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/108-99-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/108-146-0x0000000004900000-0x000000000491C000-memory.dmp

Filesize
112KB

Download
memory/108-128-0x0000000004900000-0x000000000491C000-memory.dmp

Filesize
112KB

Download
memory/320-79-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/684-129-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/696-143-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/868-83-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/908-141-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1076-130-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1124-135-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1208-126-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1536-76-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1640-78-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1648-132-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1668-57-0x0000000004900000-0x000000000491C000-memory.dmp

Filesize
112KB

Download
memory/1668-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1668-61-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/1668-73-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1668-100-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/1668-54-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1668-19-0x0000000004900000-0x000000000491C000-memory.dmp

Filesize
112KB

Download
memory/1688-82-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1688-118-0x00000000047C0000-0x00000000047DC000-memory.dmp

Filesize
112KB

Download
memory/1728-137-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1744-131-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1760-75-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1760-105-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1788-142-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1916-104-0x00000000047B0000-0x00000000047CC000-memory.dmp

Filesize
112KB

Download
memory/1916-74-0x00000000047B0000-0x00000000047CC000-memory.dmp

Filesize
112KB

Download
memory/1916-98-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1960-133-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2056-145-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2068-115-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2080-106-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2080-144-0x00000000047C0000-0x00000000047DC000-memory.dmp

Filesize
112KB

Download
memory/2080-97-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2084-138-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2188-112-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2196-111-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2196-102-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2240-56-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2272-136-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2328-117-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2328-147-0x0000000001F00000-0x0000000001F1C000-memory.dmp

Filesize
112KB

Download
memory/2348-113-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2480-107-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2488-109-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/2488-77-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2516-134-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2668-55-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2744-22-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2744-53-0x0000000004840000-0x000000000485C000-memory.dmp

Filesize
112KB

Download
memory/2776-81-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2776-116-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/2780-114-0x0000000004910000-0x000000000492C000-memory.dmp

Filesize
112KB

Download
memory/2780-63-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2856-62-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3016-139-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3028-110-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3032-140-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3036-108-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3036-101-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3040-103-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download