a15f9d617cecbc8769a94a3bf013400b15db366a6ce85eed4028c45415eac3e2

Analysis

max time kernel
25s
max time network
169s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 17:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.cf0ce663275e2db478e54995fd4ec320.exe
Size

1.5MB
MD5

cf0ce663275e2db478e54995fd4ec320
SHA1

1556218663f3d0fd23c2220383fc9bbd60403056
SHA256

a15f9d617cecbc8769a94a3bf013400b15db366a6ce85eed4028c45415eac3e2
SHA512

c8df49391aa3455873a113dd79f54d19e51e06924046c1a3de3fc39257d563e36744132332f7178090af2ee5dc53aa58ed37801a47606260932ae04ec7d9aba5
SSDEEP

24576:60/D+8E/qlec+4nRXVVGifkDL7uOBviXlEJwICB2Yi+PFsf4WwqFfhp31:B6f8g4n/VGisD31BKiJwr2WPF+IqdhP

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 50 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2680-0-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2060-5-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/files/0x0007000000015eca-7.dat	upx
behavioral1/memory/696-44-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2504-46-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2776-65-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2124-68-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2680-63-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1964-69-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2060-71-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2832-72-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/368-78-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1580-79-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1804-80-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1544-81-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2364-82-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1104-84-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/884-85-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1636-86-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/696-88-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2504-89-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2832-95-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2068-94-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1060-97-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1852-96-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2776-91-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2388-90-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/884-98-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2388-100-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2424-101-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2068-102-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1540-103-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1852-104-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1060-105-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1704-107-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1036-108-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2424-109-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/620-110-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1920-111-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1368-112-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2896-115-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1864-116-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2088-118-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1020-120-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2984-121-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2632-122-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/772-123-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1684-125-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/1588-124-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral1/memory/2728-126-0x0000000000400000-0x0000000000421000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.cf0ce663275e2db478e54995fd4ec320.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\H:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\N:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\T:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\P:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\Q:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\S:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\W:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\Y:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\B:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\E:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\O:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\M:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\X:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\Z:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\A:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\G:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\K:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\R:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\U:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\I:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\J:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\L:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\horse hidden (Sylvia).rar.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Google\Temp\trambling full movie feet hairy .zip.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\indian kicking gay [bangbus] latex .avi.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Google\Update\Download\lingerie full movie girly .zip.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\black animal lingerie catfight hole sm .avi.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\bukkake uncut bedroom .mpeg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\hardcore masturbation penetration .avi.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian horse xxx catfight titts (Sandy,Tatjana).mpg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files\Common Files\Microsoft Shared\danish porn blowjob sleeping bedroom .rar.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files\DVD Maker\Shared\indian cum horse uncut castration .rar.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files\Windows Journal\Templates\lesbian licking mature (Ashley,Melissa).mpeg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian beastiality sperm several models .mpeg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\hardcore sleeping hole young .rar.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\beast hot (!) glans .mpeg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\trambling several models penetration .avi.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe

Drops file in Windows directory 18 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\brasilian cumshot horse catfight cock gorgeoushorny (Liz).mpg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\lingerie uncut .rar.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lesbian hot (!) (Sylvia).zip.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian action horse hidden .mpg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian handjob horse girls feet femdom .zip.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\beast [free] .mpg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\tmp\indian gang bang horse uncut hole bedroom (Curtney).rar.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\mssrv.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian handjob blowjob public .mpg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\xxx [milf] .avi.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\black gang bang trambling [free] titts .zip.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\temp\lingerie masturbation hole pregnant .mpg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\Downloaded Program Files\indian nude sperm big cock traffic .mpeg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\american fetish blowjob several models sweet .mpeg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\black cumshot lesbian [bangbus] hole bedroom (Samantha).mpg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\xxx girls cock mistress (Janette).rar.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\swedish handjob hardcore uncut glans .mpeg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian gang bang lingerie catfight .mpeg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 52 IoCs

pid	Process
2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2504	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
696	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2776	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2124	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2832	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
696	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1964	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2504	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
368	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2776	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1636	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1104	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
884	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2504	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2124	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1804	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
696	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1580	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2832	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1544	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2364	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1964	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2388	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2068	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
368	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2776	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2504	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1704	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1852	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
620	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
620	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2124	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2124	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1920	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1920	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2424	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2424	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
696	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
696	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 2060	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	30
PID 2680 wrote to memory of 2060	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	30
PID 2680 wrote to memory of 2060	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	30
PID 2680 wrote to memory of 2060	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	30
PID 2060 wrote to memory of 2504	2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	31
PID 2060 wrote to memory of 2504	2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	31
PID 2060 wrote to memory of 2504	2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	31
PID 2060 wrote to memory of 2504	2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	31
PID 2680 wrote to memory of 696	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	32
PID 2680 wrote to memory of 696	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	32
PID 2680 wrote to memory of 696	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	32
PID 2680 wrote to memory of 696	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	32
PID 2504 wrote to memory of 2776	2504	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	33
PID 2504 wrote to memory of 2776	2504	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	33
PID 2504 wrote to memory of 2776	2504	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	33
PID 2504 wrote to memory of 2776	2504	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	33
PID 696 wrote to memory of 2124	696	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	36
PID 696 wrote to memory of 2124	696	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	36
PID 696 wrote to memory of 2124	696	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	36
PID 696 wrote to memory of 2124	696	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	36
PID 2680 wrote to memory of 1964	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	35
PID 2680 wrote to memory of 1964	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	35
PID 2680 wrote to memory of 1964	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	35
PID 2680 wrote to memory of 1964	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	35
PID 2060 wrote to memory of 2832	2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	34
PID 2060 wrote to memory of 2832	2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	34
PID 2060 wrote to memory of 2832	2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	34
PID 2060 wrote to memory of 2832	2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	34
PID 2776 wrote to memory of 368	2776	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	37
PID 2776 wrote to memory of 368	2776	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	37
PID 2776 wrote to memory of 368	2776	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	37
PID 2776 wrote to memory of 368	2776	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	37
PID 2060 wrote to memory of 1636	2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	39
PID 2060 wrote to memory of 1636	2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	39
PID 2060 wrote to memory of 1636	2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	39
PID 2060 wrote to memory of 1636	2060	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	39
PID 2124 wrote to memory of 1104	2124	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	38
PID 2124 wrote to memory of 1104	2124	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	38
PID 2124 wrote to memory of 1104	2124	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	38
PID 2124 wrote to memory of 1104	2124	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	38
PID 696 wrote to memory of 884	696	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	40
PID 696 wrote to memory of 884	696	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	40
PID 696 wrote to memory of 884	696	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	40
PID 696 wrote to memory of 884	696	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	40
PID 2680 wrote to memory of 1804	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	43
PID 2680 wrote to memory of 1804	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	43
PID 2680 wrote to memory of 1804	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	43
PID 2680 wrote to memory of 1804	2680	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	43
PID 2504 wrote to memory of 1544	2504	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	41
PID 2504 wrote to memory of 1544	2504	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	41
PID 2504 wrote to memory of 1544	2504	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	41
PID 2504 wrote to memory of 1544	2504	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	41
PID 2832 wrote to memory of 1580	2832	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	42
PID 2832 wrote to memory of 1580	2832	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	42
PID 2832 wrote to memory of 1580	2832	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	42
PID 2832 wrote to memory of 1580	2832	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	42
PID 1964 wrote to memory of 2364	1964	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	44
PID 1964 wrote to memory of 2364	1964	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	44
PID 1964 wrote to memory of 2364	1964	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	44
PID 1964 wrote to memory of 2364	1964	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	44
PID 368 wrote to memory of 2388	368	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	45
PID 368 wrote to memory of 2388	368	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	45
PID 368 wrote to memory of 2388	368	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	45
PID 368 wrote to memory of 2388	368	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	45

C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2060
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        9⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        9⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        9⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        9⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:15220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:15180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:13064
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:12772
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12916
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:12836
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:15140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11912
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8372
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11584
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11560
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:14088
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11888
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:12048
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:696
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11384
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:1252
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:14096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11696
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11424
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11664
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:13048
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11968
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11440
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:15156
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:1792
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:11728
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:12804
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11408
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8348
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:12064
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:13144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:12104
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:12756
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:13136
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:16524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:12764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:12008
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:8428
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:13660
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:15484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11952
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8444
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:11576
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:13524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:8276
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:15284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:13248
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  PID:3732
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11928
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:15524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:11864
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  PID:4512
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:9836
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  PID:6420
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:13320
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  PID:12984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\horse hidden (Sylvia).rar.exe

Filesize
224KB

MD5
7ff8e33cb157beccbf1b4e7042d923ee

SHA1
1aea62b23471685b9629075577cbb0db62ba0dee

SHA256
184ee2df0a0bd7905e7b8a893bb932218d791855f5071a59a2bf0c7687535b81

SHA512
7e0b25c9bb99ede7f3abd05e3d45f3533351621728366a2640c473a2d52368a544d9f7ae2df41e62accdd869e7a15f36a69eb8d15fff536c688714735481a4e4

Download Submit
memory/368-78-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/368-99-0x0000000004540000-0x0000000004561000-memory.dmp

Filesize
132KB

Download
memory/620-110-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/696-88-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/696-93-0x0000000004590000-0x00000000045B1000-memory.dmp

Filesize
132KB

Download
memory/696-66-0x0000000004590000-0x00000000045B1000-memory.dmp

Filesize
132KB

Download
memory/696-44-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/772-123-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/884-98-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/884-85-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1020-120-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1036-108-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1060-97-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1060-105-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1104-84-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1368-112-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1540-103-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1544-81-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1544-113-0x0000000000540000-0x0000000000561000-memory.dmp

Filesize
132KB

Download
memory/1580-79-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1580-114-0x0000000004520000-0x0000000004541000-memory.dmp

Filesize
132KB

Download
memory/1588-124-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1636-86-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1636-117-0x0000000004440000-0x0000000004461000-memory.dmp

Filesize
132KB

Download
memory/1636-106-0x0000000004440000-0x0000000004461000-memory.dmp

Filesize
132KB

Download
memory/1684-125-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1704-107-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1804-80-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1852-96-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1852-104-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1864-116-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1920-111-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1964-69-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2060-5-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2060-71-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2060-83-0x00000000044E0000-0x0000000004501000-memory.dmp

Filesize
132KB

Download
memory/2060-67-0x0000000004800000-0x0000000004821000-memory.dmp

Filesize
132KB

Download
memory/2060-42-0x00000000044E0000-0x0000000004501000-memory.dmp

Filesize
132KB

Download
memory/2068-94-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2068-102-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2088-118-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2124-68-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2364-82-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2388-100-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2388-90-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2424-101-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2424-109-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2504-89-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2504-64-0x00000000047D0000-0x00000000047F1000-memory.dmp

Filesize
132KB

Download
memory/2504-92-0x00000000047D0000-0x00000000047F1000-memory.dmp

Filesize
132KB

Download
memory/2504-46-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2632-122-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2680-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2680-63-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2680-70-0x0000000004B50000-0x0000000004B71000-memory.dmp

Filesize
132KB

Download
memory/2680-4-0x0000000004B50000-0x0000000004B71000-memory.dmp

Filesize
132KB

Download
memory/2728-126-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2776-77-0x0000000004820000-0x0000000004841000-memory.dmp

Filesize
132KB

Download
memory/2776-65-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2776-91-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2832-72-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2832-95-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2896-115-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2984-121-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download