f00a8f4b541dbc95efbf444b263b9a1ea146497ba6d673349437949704bf2354

Analysis

max time kernel
30s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.3403dfd081a35692b29265c832c67680.exe
Size

666KB
MD5

3403dfd081a35692b29265c832c67680
SHA1

68f98cec69f9bd4b3ca1159258291ca2e3f0cecc
SHA256

f00a8f4b541dbc95efbf444b263b9a1ea146497ba6d673349437949704bf2354
SHA512

6260aa8baa50ef13bc5459194fa951fe9164a533a26f2e234c6acc7ccd3132ec993eaed84829310f8a2116e385681dfbd0b8cf9a6ab5b3b8d7aca49a3cb39bdd
SSDEEP

12288:SEQoS86TDNKC0LN3K4GzPiiSa/CXB1+kaPFNZYkHWbup6ZI+1uej:SyLGJSa/yB8xPZ/WnZ1

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 46 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1860-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000015ce0-5.dat	upx
behavioral1/memory/2700-14-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2632-62-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2608-61-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1860-68-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1984-69-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2904-71-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2960-72-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2984-73-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2700-74-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1348-91-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1984-89-0x0000000001DD0000-0x0000000001DEF000-memory.dmp	upx
behavioral1/memory/2608-94-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2248-95-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2820-97-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2900-99-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2656-98-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1984-101-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2904-103-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2960-104-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/988-106-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1876-107-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1348-119-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2372-118-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2104-120-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/552-123-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2064-126-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1992-127-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2900-122-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/988-132-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1648-130-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1584-133-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/604-135-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2372-134-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1648-136-0x0000000004900000-0x000000000491F000-memory.dmp	upx
behavioral1/memory/2104-137-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1424-140-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/552-138-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2428-141-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2444-142-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2452-143-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1856-144-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1896-146-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1976-147-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2992-149-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.3403dfd081a35692b29265c832c67680.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\B:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\H:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\I:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\K:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\X:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\Y:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\Z:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\A:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\J:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\O:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\S:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\R:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\U:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\V:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\W:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\E:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\G:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\L:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\N:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\M:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\P:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\Q:	NEAS.3403dfd081a35692b29265c832c67680.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\german lingerie public feet .rar.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\SysWOW64\IME\shared\lesbian [free] (Jenna,Kathrin).mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\SysWOW64\config\systemprofile\sperm bukkake [free] femdom .rar.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\SysWOW64\IME\shared\fetish hidden hole .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob horse [free] glans .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\chinese fetish lesbian .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\SysWOW64\FxsTmp\horse lingerie public .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\kicking [bangbus] boobs .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian blowjob beast hidden feet pregnant .zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\SysWOW64\FxsTmp\black gay masturbation .mpg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\british kicking hot (!) penetration .mpg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Google\Temp\african cum fetish public vagina redhair .avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\animal hidden (Gina,Anniston).rar.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\malaysia trambling licking .rar.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files\Windows Journal\Templates\horse gay hidden legs ìï (Christine).mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files\Common Files\Microsoft Shared\nude public boobs (Karin,Christine).zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\horse masturbation shoes .avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\chinese cum action masturbation stockings (Tatjana,Janette).zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\trambling kicking hot (!) hairy .zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\tyrkish animal horse [bangbus] hotel .avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\asian lingerie cumshot licking 40+ .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\asian handjob blowjob [milf] boots .mpg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Google\Update\Download\american gay gay sleeping young .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\handjob catfight nipples hairy .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\animal full movie .rar.exe	NEAS.3403dfd081a35692b29265c832c67680.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\tmp\horse [milf] hole .zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\russian horse several models .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\PLA\Templates\malaysia handjob hot (!) hairy .zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\fucking public bondage .rar.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\SoftwareDistribution\Download\action lesbian uncut ìï .avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\british horse fetish [free] (Melissa,Tatjana).avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\italian lingerie several models bondage .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\black action [bangbus] feet blondie .avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\Downloaded Program Files\trambling sleeping (Gina).rar.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\gay [milf] vagina balls (Curtney,Kathrin).zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\russian porn voyeur legs ejaculation (Britney).mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\trambling fetish full movie hole fishy .avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\african action bukkake sleeping .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\african hardcore gay licking feet .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\security\templates\italian bukkake kicking catfight ash granny (Kathrin,Jenna).mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish blowjob lesbian several models .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\french blowjob hot (!) (Karin,Melissa).mpg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian sperm licking pregnant .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\french cumshot gay lesbian ejaculation .rar.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\kicking trambling catfight (Karin).rar.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\french handjob nude hot (!) vagina gorgeoushorny .avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\beastiality licking vagina balls .mpg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\british gang bang sleeping (Kathrin).zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian girls (Melissa,Jade).zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\gay porn [free] wifey .avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\animal gang bang masturbation blondie .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\cumshot [milf] .mpg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\temp\asian handjob girls ash .avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\kicking animal uncut .rar.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\mssrv.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\porn animal masturbation high heels (Sonja,Sarah).mpg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
1860	NEAS.3403dfd081a35692b29265c832c67680.exe
2700	NEAS.3403dfd081a35692b29265c832c67680.exe
1860	NEAS.3403dfd081a35692b29265c832c67680.exe
2608	NEAS.3403dfd081a35692b29265c832c67680.exe
2632	NEAS.3403dfd081a35692b29265c832c67680.exe
1860	NEAS.3403dfd081a35692b29265c832c67680.exe
2700	NEAS.3403dfd081a35692b29265c832c67680.exe
1984	NEAS.3403dfd081a35692b29265c832c67680.exe
2608	NEAS.3403dfd081a35692b29265c832c67680.exe
2904	NEAS.3403dfd081a35692b29265c832c67680.exe
2960	NEAS.3403dfd081a35692b29265c832c67680.exe
1860	NEAS.3403dfd081a35692b29265c832c67680.exe
2984	NEAS.3403dfd081a35692b29265c832c67680.exe
2632	NEAS.3403dfd081a35692b29265c832c67680.exe
2700	NEAS.3403dfd081a35692b29265c832c67680.exe
1348	NEAS.3403dfd081a35692b29265c832c67680.exe
2248	NEAS.3403dfd081a35692b29265c832c67680.exe
1984	NEAS.3403dfd081a35692b29265c832c67680.exe
2608	NEAS.3403dfd081a35692b29265c832c67680.exe
1860	NEAS.3403dfd081a35692b29265c832c67680.exe
2820	NEAS.3403dfd081a35692b29265c832c67680.exe
2656	NEAS.3403dfd081a35692b29265c832c67680.exe
2632	NEAS.3403dfd081a35692b29265c832c67680.exe
2904	NEAS.3403dfd081a35692b29265c832c67680.exe
2900	NEAS.3403dfd081a35692b29265c832c67680.exe
1648	NEAS.3403dfd081a35692b29265c832c67680.exe
988	NEAS.3403dfd081a35692b29265c832c67680.exe
2700	NEAS.3403dfd081a35692b29265c832c67680.exe
1876	NEAS.3403dfd081a35692b29265c832c67680.exe
2960	NEAS.3403dfd081a35692b29265c832c67680.exe
2984	NEAS.3403dfd081a35692b29265c832c67680.exe
2372	NEAS.3403dfd081a35692b29265c832c67680.exe
2104	NEAS.3403dfd081a35692b29265c832c67680.exe
1348	NEAS.3403dfd081a35692b29265c832c67680.exe
552	NEAS.3403dfd081a35692b29265c832c67680.exe
1984	NEAS.3403dfd081a35692b29265c832c67680.exe
2064	NEAS.3403dfd081a35692b29265c832c67680.exe
2248	NEAS.3403dfd081a35692b29265c832c67680.exe
1992	NEAS.3403dfd081a35692b29265c832c67680.exe
2608	NEAS.3403dfd081a35692b29265c832c67680.exe
1860	NEAS.3403dfd081a35692b29265c832c67680.exe
2820	NEAS.3403dfd081a35692b29265c832c67680.exe
2632	NEAS.3403dfd081a35692b29265c832c67680.exe
2904	NEAS.3403dfd081a35692b29265c832c67680.exe
2656	NEAS.3403dfd081a35692b29265c832c67680.exe
2444	NEAS.3403dfd081a35692b29265c832c67680.exe
2428	NEAS.3403dfd081a35692b29265c832c67680.exe
2452	NEAS.3403dfd081a35692b29265c832c67680.exe
1856	NEAS.3403dfd081a35692b29265c832c67680.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2700	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	27
PID 1860 wrote to memory of 2700	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	27
PID 1860 wrote to memory of 2700	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	27
PID 1860 wrote to memory of 2700	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	27
PID 2700 wrote to memory of 2608	2700	NEAS.3403dfd081a35692b29265c832c67680.exe	28
PID 2700 wrote to memory of 2608	2700	NEAS.3403dfd081a35692b29265c832c67680.exe	28
PID 2700 wrote to memory of 2608	2700	NEAS.3403dfd081a35692b29265c832c67680.exe	28
PID 2700 wrote to memory of 2608	2700	NEAS.3403dfd081a35692b29265c832c67680.exe	28
PID 1860 wrote to memory of 2632	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	29
PID 1860 wrote to memory of 2632	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	29
PID 1860 wrote to memory of 2632	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	29
PID 1860 wrote to memory of 2632	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	29
PID 2608 wrote to memory of 1984	2608	NEAS.3403dfd081a35692b29265c832c67680.exe	30
PID 2608 wrote to memory of 1984	2608	NEAS.3403dfd081a35692b29265c832c67680.exe	30
PID 2608 wrote to memory of 1984	2608	NEAS.3403dfd081a35692b29265c832c67680.exe	30
PID 2608 wrote to memory of 1984	2608	NEAS.3403dfd081a35692b29265c832c67680.exe	30
PID 1860 wrote to memory of 2904	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	31
PID 1860 wrote to memory of 2904	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	31
PID 1860 wrote to memory of 2904	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	31
PID 1860 wrote to memory of 2904	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	31
PID 2632 wrote to memory of 2960	2632	NEAS.3403dfd081a35692b29265c832c67680.exe	32
PID 2632 wrote to memory of 2960	2632	NEAS.3403dfd081a35692b29265c832c67680.exe	32
PID 2632 wrote to memory of 2960	2632	NEAS.3403dfd081a35692b29265c832c67680.exe	32
PID 2632 wrote to memory of 2960	2632	NEAS.3403dfd081a35692b29265c832c67680.exe	32
PID 2700 wrote to memory of 2984	2700	NEAS.3403dfd081a35692b29265c832c67680.exe	33
PID 2700 wrote to memory of 2984	2700	NEAS.3403dfd081a35692b29265c832c67680.exe	33
PID 2700 wrote to memory of 2984	2700	NEAS.3403dfd081a35692b29265c832c67680.exe	33
PID 2700 wrote to memory of 2984	2700	NEAS.3403dfd081a35692b29265c832c67680.exe	33
PID 1984 wrote to memory of 1348	1984	NEAS.3403dfd081a35692b29265c832c67680.exe	34
PID 1984 wrote to memory of 1348	1984	NEAS.3403dfd081a35692b29265c832c67680.exe	34
PID 1984 wrote to memory of 1348	1984	NEAS.3403dfd081a35692b29265c832c67680.exe	34
PID 1984 wrote to memory of 1348	1984	NEAS.3403dfd081a35692b29265c832c67680.exe	34
PID 2608 wrote to memory of 2248	2608	NEAS.3403dfd081a35692b29265c832c67680.exe	35
PID 2608 wrote to memory of 2248	2608	NEAS.3403dfd081a35692b29265c832c67680.exe	35
PID 2608 wrote to memory of 2248	2608	NEAS.3403dfd081a35692b29265c832c67680.exe	35
PID 2608 wrote to memory of 2248	2608	NEAS.3403dfd081a35692b29265c832c67680.exe	35
PID 1860 wrote to memory of 2820	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	38
PID 1860 wrote to memory of 2820	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	38
PID 1860 wrote to memory of 2820	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	38
PID 1860 wrote to memory of 2820	1860	NEAS.3403dfd081a35692b29265c832c67680.exe	38
PID 2632 wrote to memory of 2900	2632	NEAS.3403dfd081a35692b29265c832c67680.exe	37
PID 2632 wrote to memory of 2900	2632	NEAS.3403dfd081a35692b29265c832c67680.exe	37
PID 2632 wrote to memory of 2900	2632	NEAS.3403dfd081a35692b29265c832c67680.exe	37
PID 2632 wrote to memory of 2900	2632	NEAS.3403dfd081a35692b29265c832c67680.exe	37
PID 2904 wrote to memory of 2656	2904	NEAS.3403dfd081a35692b29265c832c67680.exe	36
PID 2904 wrote to memory of 2656	2904	NEAS.3403dfd081a35692b29265c832c67680.exe	36
PID 2904 wrote to memory of 2656	2904	NEAS.3403dfd081a35692b29265c832c67680.exe	36
PID 2904 wrote to memory of 2656	2904	NEAS.3403dfd081a35692b29265c832c67680.exe	36
PID 2700 wrote to memory of 1648	2700	NEAS.3403dfd081a35692b29265c832c67680.exe	39
PID 2700 wrote to memory of 1648	2700	NEAS.3403dfd081a35692b29265c832c67680.exe	39
PID 2700 wrote to memory of 1648	2700	NEAS.3403dfd081a35692b29265c832c67680.exe	39
PID 2700 wrote to memory of 1648	2700	NEAS.3403dfd081a35692b29265c832c67680.exe	39
PID 2960 wrote to memory of 988	2960	NEAS.3403dfd081a35692b29265c832c67680.exe	41
PID 2960 wrote to memory of 988	2960	NEAS.3403dfd081a35692b29265c832c67680.exe	41
PID 2960 wrote to memory of 988	2960	NEAS.3403dfd081a35692b29265c832c67680.exe	41
PID 2960 wrote to memory of 988	2960	NEAS.3403dfd081a35692b29265c832c67680.exe	41
PID 2984 wrote to memory of 1876	2984	NEAS.3403dfd081a35692b29265c832c67680.exe	40
PID 2984 wrote to memory of 1876	2984	NEAS.3403dfd081a35692b29265c832c67680.exe	40
PID 2984 wrote to memory of 1876	2984	NEAS.3403dfd081a35692b29265c832c67680.exe	40
PID 2984 wrote to memory of 1876	2984	NEAS.3403dfd081a35692b29265c832c67680.exe	40
PID 1348 wrote to memory of 2372	1348	NEAS.3403dfd081a35692b29265c832c67680.exe	42
PID 1348 wrote to memory of 2372	1348	NEAS.3403dfd081a35692b29265c832c67680.exe	42
PID 1348 wrote to memory of 2372	1348	NEAS.3403dfd081a35692b29265c832c67680.exe	42
PID 1348 wrote to memory of 2372	1348	NEAS.3403dfd081a35692b29265c832c67680.exe	42

C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        9⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        9⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        9⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        9⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        9⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        9⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        9⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        9⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        9⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:14824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:14976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:15240
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:10608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:14392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:9488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:884
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:10456
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3916
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:7188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:14464
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:5684
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:10624
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:988
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:15256
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:14800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:9504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:15624
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:10900
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:10600
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15424
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:15272
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:14532
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:14348
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:14492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15416
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:14440
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:14432
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:10592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:15512
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:14792
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:5060
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:8004
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2820
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:14424
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:10616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:15476
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15400
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:9472
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3976
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:14928
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:7956
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:14456
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:15344
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6920
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:10752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:9436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:15088
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:15112
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:14380
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:9496
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  PID:3320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:5720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:10464
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:7300
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  PID:4916
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:9876
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:4668
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  PID:7856
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  PID:15248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\chinese cum action masturbation stockings (Tatjana,Janette).zip.exe

Filesize
1.9MB

MD5
d14d6bddd118000066c5e90f26c8769e

SHA1
b3560f26181729eed66ae2a17084bd981b51a5f4

SHA256
5d351d723f3a72765ef52f70ed781f18b46f260261f4a295845203d1e7fadbc4

SHA512
28f80becb7ffc076113d9d2ebd0684b04162adeed8ade6ff8ce020f51f55908c651261e60eb7d66fef148b7fac1c7cf3ab6ac38af1fb946833647438e5ca249e

Download Submit
memory/552-138-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/552-123-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/604-135-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/988-106-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/988-132-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1348-119-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1348-91-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1424-140-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1584-133-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1648-130-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1648-136-0x0000000004900000-0x000000000491F000-memory.dmp

Filesize
124KB

Download
memory/1856-144-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1860-70-0x0000000004B60000-0x0000000004B7F000-memory.dmp

Filesize
124KB

Download
memory/1860-68-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1860-125-0x0000000004B70000-0x0000000004B8F000-memory.dmp

Filesize
124KB

Download
memory/1860-102-0x0000000004B60000-0x0000000004B7F000-memory.dmp

Filesize
124KB

Download
memory/1860-60-0x0000000004B60000-0x0000000004B7F000-memory.dmp

Filesize
124KB

Download
memory/1860-92-0x0000000004B60000-0x0000000004B7F000-memory.dmp

Filesize
124KB

Download
memory/1860-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1876-107-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1896-146-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1976-147-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1984-112-0x0000000001DD0000-0x0000000001DEF000-memory.dmp

Filesize
124KB

Download
memory/1984-101-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1984-69-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1984-89-0x0000000001DD0000-0x0000000001DEF000-memory.dmp

Filesize
124KB

Download
memory/1992-127-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2064-126-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2104-120-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2104-148-0x0000000001F80000-0x0000000001F9F000-memory.dmp

Filesize
124KB

Download
memory/2104-137-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2248-95-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2372-134-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2372-118-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2428-141-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2444-142-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2452-143-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2608-139-0x0000000004590000-0x00000000045AF000-memory.dmp

Filesize
124KB

Download
memory/2608-100-0x0000000004580000-0x000000000459F000-memory.dmp

Filesize
124KB

Download
memory/2608-93-0x0000000004590000-0x00000000045AF000-memory.dmp

Filesize
124KB

Download
memory/2608-61-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2608-124-0x0000000004590000-0x00000000045AF000-memory.dmp

Filesize
124KB

Download
memory/2608-94-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2632-62-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2656-98-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2700-59-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/2700-14-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2700-128-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/2700-74-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2700-90-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/2820-97-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2900-129-0x0000000004460000-0x000000000447F000-memory.dmp

Filesize
124KB

Download
memory/2900-122-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2900-99-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2904-121-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2904-71-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2904-103-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2904-96-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2960-104-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2960-72-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2984-105-0x00000000047D0000-0x00000000047EF000-memory.dmp

Filesize
124KB

Download
memory/2984-131-0x00000000047D0000-0x00000000047EF000-memory.dmp

Filesize
124KB

Download
memory/2984-73-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2992-149-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download