855ce7c4f46d349c5ce1004802912b81ef2da3508de1512ef9c07acf3b947081

Analysis

max time kernel
14s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22-10-2023 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
Size

705KB
MD5

ffcc689b6d3ebe5366a51a67a4c5e1c0
SHA1

70f7ed898f6ea53cbde91a1e918e583f0ebdeb0d
SHA256

855ce7c4f46d349c5ce1004802912b81ef2da3508de1512ef9c07acf3b947081
SHA512

ec8d4bc2288b14724134ad92e894bba7da9b43a5ffd6cd6cfb6994c910beab40b9b16216928f2708d8243ca2c427a5ed2498efcb725c081abbff1848c1130f95
SSDEEP

12288:VEQoSml0NHhuZQtQgPZZ44eHM2zb96iAES/2Jjrddk54qsPIiB0YKmPsrNGr:VhhTNZZ5eBz5xSgTy+gJOPWG

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 46 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2516-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000014740-5.dat	upx
behavioral1/memory/2324-15-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2324-58-0x0000000004820000-0x000000000483F000-memory.dmp	upx
behavioral1/memory/2572-59-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2516-61-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2588-63-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2920-82-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2928-83-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2324-84-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2960-85-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2624-86-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2572-94-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/788-97-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2872-99-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2900-100-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/660-107-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2960-109-0x00000000047C0000-0x00000000047DF000-memory.dmp	upx
behavioral1/memory/2872-111-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/788-110-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/320-112-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2624-113-0x00000000047C0000-0x00000000047DF000-memory.dmp	upx
behavioral1/memory/2900-114-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1580-115-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1644-118-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/868-119-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2924-120-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3024-124-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2460-129-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1208-130-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/660-127-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2412-126-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1872-125-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2336-123-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/436-131-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/320-133-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/852-134-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1520-135-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/912-136-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1580-137-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2540-138-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3012-140-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1644-141-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/868-142-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/432-146-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1208-147-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\L:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\M:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\Q:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\R:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\X:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\B:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\I:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\Z:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\G:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\H:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\K:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\N:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\V:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\A:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\E:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\S:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\T:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\U:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\W:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\Y:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\O:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\P:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\chinese handjob uncut feet femdom .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian beastiality handjob several models ash redhair .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian gay licking .avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gang bang girls black hairunshaved .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beast [milf] .mpeg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian gay fetish licking .mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\porn catfight .mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\System32\DriverStore\Temp\german animal blowjob full movie femdom (Liz).rar.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\SysWOW64\FxsTmp\american blowjob fetish licking .avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\SysWOW64\IME\shared\fetish [bangbus] girly (Janette,Sandy).avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\fucking fetish catfight hole (Janette,Christine).mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files\Windows Journal\Templates\gang bang [bangbus] ìï .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black bukkake cumshot masturbation .rar.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Google\Temp\russian handjob beast catfight castration .avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\american cum [bangbus] shoes .rar.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\french animal porn full movie (Anniston).avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\norwegian gang bang girls mature .mpeg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\malaysia horse handjob masturbation shoes .avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\trambling sperm several models .mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\italian gay handjob masturbation vagina pregnant .rar.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\american beast horse uncut mistress .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\british horse beast [bangbus] legs hairy .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\spanish blowjob beastiality public titts wifey (Gina).zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Google\Update\Download\norwegian fucking handjob several models wifey (Karin,Melissa).mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\japanese porn catfight boobs high heels (Ashley).zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

Drops file in Windows directory 37 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\french bukkake [free] legs (Britney,Jenna).mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\tmp\horse uncut lady .avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish horse porn big hole YEâPSè& (Sandy,Anniston).rar.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\cumshot lesbian stockings .mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\fucking voyeur boots .rar.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\mssrv.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\hardcore catfight .mpeg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\danish lesbian uncut hairy .avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beast cum girls .mpeg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\handjob gay [bangbus] hole granny .mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\Downloaded Program Files\canadian cum sleeping .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\fucking fetish several models boobs balls (Jade).mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\french bukkake horse several models mistress (Tatjana,Gina).mpeg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish blowjob porn lesbian pregnant .rar.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\action kicking [free] .mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\japanese nude lesbian high heels (Liz).avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\blowjob [bangbus] .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\german hardcore sperm catfight titts .avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\horse fetish catfight hotel (Sylvia,Samantha).mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian nude porn big bedroom .mpeg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\nude animal full movie hole (Sonja).mpeg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\russian xxx nude sleeping titts .mpeg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse licking fishy .avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\cumshot lesbian [bangbus] shower .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\beastiality animal uncut mistress .avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\canadian xxx [bangbus] .avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\japanese bukkake xxx hidden feet (Melissa).mpeg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\temp\swedish gay sperm public granny .rar.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\swedish action sleeping cock sm (Sonja,Curtney).avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\security\templates\xxx animal girls hairy .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\canadian blowjob hidden .mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\cum horse [bangbus] .mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\PLA\Templates\gang bang uncut .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\action action [milf] sm .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\trambling uncut fishy (Ashley).rar.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\fucking handjob licking boots (Gina,Sandy).mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Windows\SoftwareDistribution\Download\animal blowjob [bangbus] .avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2572	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2588	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2920	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2928	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2960	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2624	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2572	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2588	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2872	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
788	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2900	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2924	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2928	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
660	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2920	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
436	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2572	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
320	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2588	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
1580	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2960	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2624	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
1644	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
868	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
788	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2872	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2336	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2924	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2412	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
3024	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2928	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2900	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
1872	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2460	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
436	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2920	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
660	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
1208	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
432	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2324	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	28
PID 2516 wrote to memory of 2324	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	28
PID 2516 wrote to memory of 2324	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	28
PID 2516 wrote to memory of 2324	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	28
PID 2324 wrote to memory of 2572	2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	29
PID 2324 wrote to memory of 2572	2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	29
PID 2324 wrote to memory of 2572	2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	29
PID 2324 wrote to memory of 2572	2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	29
PID 2516 wrote to memory of 2588	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	30
PID 2516 wrote to memory of 2588	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	30
PID 2516 wrote to memory of 2588	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	30
PID 2516 wrote to memory of 2588	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	30
PID 2324 wrote to memory of 2928	2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	31
PID 2324 wrote to memory of 2928	2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	31
PID 2324 wrote to memory of 2928	2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	31
PID 2324 wrote to memory of 2928	2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	31
PID 2588 wrote to memory of 2920	2588	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	33
PID 2588 wrote to memory of 2920	2588	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	33
PID 2588 wrote to memory of 2920	2588	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	33
PID 2588 wrote to memory of 2920	2588	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	33
PID 2572 wrote to memory of 2960	2572	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	34
PID 2572 wrote to memory of 2960	2572	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	34
PID 2572 wrote to memory of 2960	2572	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	34
PID 2572 wrote to memory of 2960	2572	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	34
PID 2516 wrote to memory of 2624	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	32
PID 2516 wrote to memory of 2624	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	32
PID 2516 wrote to memory of 2624	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	32
PID 2516 wrote to memory of 2624	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	32
PID 2928 wrote to memory of 788	2928	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	35
PID 2928 wrote to memory of 788	2928	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	35
PID 2928 wrote to memory of 788	2928	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	35
PID 2928 wrote to memory of 788	2928	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	35
PID 2920 wrote to memory of 2872	2920	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	36
PID 2920 wrote to memory of 2872	2920	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	36
PID 2920 wrote to memory of 2872	2920	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	36
PID 2920 wrote to memory of 2872	2920	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	36
PID 2324 wrote to memory of 2900	2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	37
PID 2324 wrote to memory of 2900	2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	37
PID 2324 wrote to memory of 2900	2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	37
PID 2324 wrote to memory of 2900	2324	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	37
PID 2572 wrote to memory of 2924	2572	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	38
PID 2572 wrote to memory of 2924	2572	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	38
PID 2572 wrote to memory of 2924	2572	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	38
PID 2572 wrote to memory of 2924	2572	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	38
PID 2588 wrote to memory of 660	2588	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	39
PID 2588 wrote to memory of 660	2588	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	39
PID 2588 wrote to memory of 660	2588	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	39
PID 2588 wrote to memory of 660	2588	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	39
PID 2516 wrote to memory of 436	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	40
PID 2516 wrote to memory of 436	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	40
PID 2516 wrote to memory of 436	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	40
PID 2516 wrote to memory of 436	2516	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	40
PID 2960 wrote to memory of 320	2960	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	41
PID 2960 wrote to memory of 320	2960	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	41
PID 2960 wrote to memory of 320	2960	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	41
PID 2960 wrote to memory of 320	2960	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	41
PID 2624 wrote to memory of 1580	2624	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	42
PID 2624 wrote to memory of 1580	2624	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	42
PID 2624 wrote to memory of 1580	2624	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	42
PID 2624 wrote to memory of 1580	2624	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	42
PID 788 wrote to memory of 1644	788	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	44
PID 788 wrote to memory of 1644	788	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	44
PID 788 wrote to memory of 1644	788	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	44
PID 788 wrote to memory of 1644	788	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	44

C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        9⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        9⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        9⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12464
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:11948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:12424
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        9⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:14516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:14636
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:14872
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:12608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:14644
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:12448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:12616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:12408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:12488
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:10448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13264
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:14612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:12020
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:14596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13200
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:13524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:11996
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:13668
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:13364
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:13676
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:14296
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        9⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:12012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:12028
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:12560
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:10700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:12984
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:14604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:8848
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:12912
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:10772
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:13460
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:13072
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:8796
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:10740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:11940
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:12384
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:9120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:12968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:12432
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:14272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2296
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:14256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:14652
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:13436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:8856
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:13476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:11188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:14508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13836
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:11988
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:11212
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:10732
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:13404
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:14116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:13192
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  PID:1520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:12648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:14952
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:10724
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:12944
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:10436
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:9136
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:14980
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:13812
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  PID:3716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:14216
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:13420
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  PID:4900
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:13396
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  PID:8788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\malaysia horse handjob masturbation shoes .avi.exe

Filesize
821KB

MD5
e82d241853f8b454d892bf791b48ac18

SHA1
3ef7e2dbd6a871338e60faa0cfe34d789076c944

SHA256
a35652b71d45a6b8cb3a2527dc95f88763b5515fe545b3c0b24ccb3d599bde3a

SHA512
77b59a035a6cdb2555d948634362a857518acccb61977fe9e3c8913f8e7b6d07348125a5974f3d2f8e276c8b5388ae4fafee640c51756928c3e7f482ef75bb7a

Download Submit
memory/320-112-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/320-133-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/432-146-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/436-131-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/660-127-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/660-107-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/788-97-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/788-110-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/852-134-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/868-119-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/868-142-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/912-136-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1208-130-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1208-147-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1520-135-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1580-145-0x00000000047E0000-0x00000000047FF000-memory.dmp

Filesize
124KB

Download
memory/1580-115-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1580-137-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1644-141-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1644-118-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1872-125-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2324-103-0x0000000004820000-0x000000000483F000-memory.dmp

Filesize
124KB

Download
memory/2324-58-0x0000000004820000-0x000000000483F000-memory.dmp

Filesize
124KB

Download
memory/2324-15-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2324-84-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2324-93-0x0000000004820000-0x000000000483F000-memory.dmp

Filesize
124KB

Download
memory/2336-123-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2412-126-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2460-129-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2516-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2516-98-0x0000000004930000-0x000000000494F000-memory.dmp

Filesize
124KB

Download
memory/2516-60-0x0000000004930000-0x000000000494F000-memory.dmp

Filesize
124KB

Download
memory/2516-61-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2516-79-0x0000000004920000-0x000000000493F000-memory.dmp

Filesize
124KB

Download
memory/2540-138-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2572-59-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2572-94-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2572-80-0x0000000004580000-0x000000000459F000-memory.dmp

Filesize
124KB

Download
memory/2588-63-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2588-81-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2624-113-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2624-86-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2872-99-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2872-139-0x0000000004580000-0x000000000459F000-memory.dmp

Filesize
124KB

Download
memory/2872-111-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2872-117-0x0000000004580000-0x000000000459F000-memory.dmp

Filesize
124KB

Download
memory/2900-114-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2900-122-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2900-144-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2900-100-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2920-96-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/2920-82-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2924-120-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2924-128-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2928-106-0x00000000047D0000-0x00000000047EF000-memory.dmp

Filesize
124KB

Download
memory/2928-92-0x00000000047D0000-0x00000000047EF000-memory.dmp

Filesize
124KB

Download
memory/2928-143-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/2928-121-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/2928-83-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2960-109-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2960-132-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2960-85-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3012-140-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3024-124-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download