e824f7198b4f6e325b8c1608ffec90a50f9b7cd720a335de9e26360ba020f000

Analysis

max time kernel
23s
max time network
134s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.e57f413518cd934a2faac427530d7b3f.exe
Size

1.2MB
MD5

e57f413518cd934a2faac427530d7b3f
SHA1

802b40d790bfc00b91d8e40457491d6e96bb483c
SHA256

e824f7198b4f6e325b8c1608ffec90a50f9b7cd720a335de9e26360ba020f000
SHA512

bedd7f891e8327454d1931f1f56b92731d5a51af79392fffced3a42e18c85a0c5964fde138acb1a964de062794d6cce281311d700cab376bcf769379109723be
SSDEEP

24576:g2DQ8v7kGPDgBdK3aLZd7aZEMGxfKNiXDehQCNd7omRo2N81P:ND3/Ic3aLT2wfWw2Qcc4IP

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 50 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1108-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/files/0x000a000000016c12-5.dat	upx
behavioral1/memory/1108-21-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2824-22-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2272-24-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1108-46-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2208-61-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/336-64-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2872-65-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/548-68-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2656-75-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2824-77-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/960-79-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1996-80-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1644-81-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1348-78-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2500-82-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/772-83-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/572-84-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2272-85-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2208-87-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2396-90-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1732-91-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2964-92-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1480-95-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2252-93-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2960-96-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2068-97-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2484-98-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1536-99-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1924-101-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/844-100-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1388-102-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2148-103-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1524-104-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1840-105-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/848-107-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1516-108-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1096-109-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/960-110-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1996-111-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1716-112-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3036-113-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1600-116-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2412-118-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2680-119-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1596-120-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2964-124-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1568-122-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1108-166-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.e57f413518cd934a2faac427530d7b3f.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\I:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\O:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\P:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\T:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\U:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\A:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\B:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\W:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\X:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\Q:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\S:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\H:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\N:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\L:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\J:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\K:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\R:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\V:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\Y:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\Z:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\G:	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File opened (read-only)	\??\M:	NEAS.e57f413518cd934a2faac427530d7b3f.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\spanish porn action sleeping .rar.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files (x86)\Google\Update\Download\black horse horse several models (Christine).rar.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\sperm nude full movie feet lady .zip.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files\DVD Maker\Shared\cumshot porn uncut black hairunshaved .avi.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\spanish sperm cumshot several models .zip.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\japanese sperm [bangbus] traffic .rar.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\norwegian beast voyeur legs balls .mpg.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\malaysia cum uncut hairy .rar.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\cumshot catfight 40+ .rar.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\italian bukkake catfight .mpeg.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\fetish hardcore catfight ash pregnant (Liz).avi.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\british lingerie bukkake catfight .zip.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese porn licking (Ashley,Sarah).mpg.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files\Windows Journal\Templates\porn public glans .rar.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\horse lesbian [milf] .mpeg.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe

Drops file in Windows directory 17 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish bukkake several models (Melissa).mpeg.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\asian gay girls traffic .rar.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\canadian action gang bang public .mpg.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\kicking [milf] upskirt .avi.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\african beastiality [bangbus] blondie .mpeg.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\american fetish licking (Sandy).rar.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish hardcore kicking licking castration .avi.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\tyrkish porn kicking public .mpg.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\temp\spanish horse animal masturbation legs ash .zip.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\tmp\canadian lingerie handjob [free] .avi.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\mssrv.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese porn kicking masturbation hole redhair .mpeg.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\malaysia bukkake [milf] hotel .zip.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\danish handjob hardcore several models (Britney,Janette).zip.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\american blowjob gang bang big .zip.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish nude sperm public sm .rar.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse beast [bangbus] ash (Janette,Janette).zip.exe	NEAS.e57f413518cd934a2faac427530d7b3f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 41 IoCs

pid	Process
1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe
1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2824	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2272	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe
1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2208	NEAS.e57f413518cd934a2faac427530d7b3f.exe
548	NEAS.e57f413518cd934a2faac427530d7b3f.exe
336	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2824	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2872	NEAS.e57f413518cd934a2faac427530d7b3f.exe
1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2272	NEAS.e57f413518cd934a2faac427530d7b3f.exe
1096	NEAS.e57f413518cd934a2faac427530d7b3f.exe
1348	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2208	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2824	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2500	NEAS.e57f413518cd934a2faac427530d7b3f.exe
772	NEAS.e57f413518cd934a2faac427530d7b3f.exe
960	NEAS.e57f413518cd934a2faac427530d7b3f.exe
1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe
548	NEAS.e57f413518cd934a2faac427530d7b3f.exe
1996	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2272	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2872	NEAS.e57f413518cd934a2faac427530d7b3f.exe
336	NEAS.e57f413518cd934a2faac427530d7b3f.exe
572	NEAS.e57f413518cd934a2faac427530d7b3f.exe
1644	NEAS.e57f413518cd934a2faac427530d7b3f.exe
1568	NEAS.e57f413518cd934a2faac427530d7b3f.exe
1096	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2396	NEAS.e57f413518cd934a2faac427530d7b3f.exe
1732	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2252	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2208	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2824	NEAS.e57f413518cd934a2faac427530d7b3f.exe
1348	NEAS.e57f413518cd934a2faac427530d7b3f.exe
2964	NEAS.e57f413518cd934a2faac427530d7b3f.exe
1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 2656	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	28
PID 1108 wrote to memory of 2656	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	28
PID 1108 wrote to memory of 2656	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	28
PID 1108 wrote to memory of 2656	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	28
PID 2656 wrote to memory of 2824	2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe	29
PID 2656 wrote to memory of 2824	2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe	29
PID 2656 wrote to memory of 2824	2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe	29
PID 2656 wrote to memory of 2824	2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe	29
PID 1108 wrote to memory of 2272	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	30
PID 1108 wrote to memory of 2272	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	30
PID 1108 wrote to memory of 2272	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	30
PID 1108 wrote to memory of 2272	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	30
PID 2824 wrote to memory of 2208	2824	NEAS.e57f413518cd934a2faac427530d7b3f.exe	31
PID 2824 wrote to memory of 2208	2824	NEAS.e57f413518cd934a2faac427530d7b3f.exe	31
PID 2824 wrote to memory of 2208	2824	NEAS.e57f413518cd934a2faac427530d7b3f.exe	31
PID 2824 wrote to memory of 2208	2824	NEAS.e57f413518cd934a2faac427530d7b3f.exe	31
PID 2656 wrote to memory of 336	2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe	34
PID 2656 wrote to memory of 336	2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe	34
PID 2656 wrote to memory of 336	2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe	34
PID 2656 wrote to memory of 336	2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe	34
PID 1108 wrote to memory of 548	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	33
PID 1108 wrote to memory of 548	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	33
PID 1108 wrote to memory of 548	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	33
PID 1108 wrote to memory of 548	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	33
PID 2272 wrote to memory of 2872	2272	NEAS.e57f413518cd934a2faac427530d7b3f.exe	32
PID 2272 wrote to memory of 2872	2272	NEAS.e57f413518cd934a2faac427530d7b3f.exe	32
PID 2272 wrote to memory of 2872	2272	NEAS.e57f413518cd934a2faac427530d7b3f.exe	32
PID 2272 wrote to memory of 2872	2272	NEAS.e57f413518cd934a2faac427530d7b3f.exe	32
PID 2208 wrote to memory of 1096	2208	NEAS.e57f413518cd934a2faac427530d7b3f.exe	35
PID 2208 wrote to memory of 1096	2208	NEAS.e57f413518cd934a2faac427530d7b3f.exe	35
PID 2208 wrote to memory of 1096	2208	NEAS.e57f413518cd934a2faac427530d7b3f.exe	35
PID 2208 wrote to memory of 1096	2208	NEAS.e57f413518cd934a2faac427530d7b3f.exe	35
PID 2824 wrote to memory of 1348	2824	NEAS.e57f413518cd934a2faac427530d7b3f.exe	36
PID 2824 wrote to memory of 1348	2824	NEAS.e57f413518cd934a2faac427530d7b3f.exe	36
PID 2824 wrote to memory of 1348	2824	NEAS.e57f413518cd934a2faac427530d7b3f.exe	36
PID 2824 wrote to memory of 1348	2824	NEAS.e57f413518cd934a2faac427530d7b3f.exe	36
PID 1108 wrote to memory of 772	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	42
PID 1108 wrote to memory of 772	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	42
PID 1108 wrote to memory of 772	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	42
PID 1108 wrote to memory of 772	1108	NEAS.e57f413518cd934a2faac427530d7b3f.exe	42
PID 548 wrote to memory of 2500	548	NEAS.e57f413518cd934a2faac427530d7b3f.exe	41
PID 548 wrote to memory of 2500	548	NEAS.e57f413518cd934a2faac427530d7b3f.exe	41
PID 548 wrote to memory of 2500	548	NEAS.e57f413518cd934a2faac427530d7b3f.exe	41
PID 548 wrote to memory of 2500	548	NEAS.e57f413518cd934a2faac427530d7b3f.exe	41
PID 2272 wrote to memory of 960	2272	NEAS.e57f413518cd934a2faac427530d7b3f.exe	37
PID 2272 wrote to memory of 960	2272	NEAS.e57f413518cd934a2faac427530d7b3f.exe	37
PID 2272 wrote to memory of 960	2272	NEAS.e57f413518cd934a2faac427530d7b3f.exe	37
PID 2272 wrote to memory of 960	2272	NEAS.e57f413518cd934a2faac427530d7b3f.exe	37
PID 2656 wrote to memory of 1996	2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe	40
PID 2656 wrote to memory of 1996	2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe	40
PID 2656 wrote to memory of 1996	2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe	40
PID 2656 wrote to memory of 1996	2656	NEAS.e57f413518cd934a2faac427530d7b3f.exe	40
PID 2872 wrote to memory of 1644	2872	NEAS.e57f413518cd934a2faac427530d7b3f.exe	39
PID 2872 wrote to memory of 1644	2872	NEAS.e57f413518cd934a2faac427530d7b3f.exe	39
PID 2872 wrote to memory of 1644	2872	NEAS.e57f413518cd934a2faac427530d7b3f.exe	39
PID 2872 wrote to memory of 1644	2872	NEAS.e57f413518cd934a2faac427530d7b3f.exe	39
PID 336 wrote to memory of 572	336	NEAS.e57f413518cd934a2faac427530d7b3f.exe	38
PID 336 wrote to memory of 572	336	NEAS.e57f413518cd934a2faac427530d7b3f.exe	38
PID 336 wrote to memory of 572	336	NEAS.e57f413518cd934a2faac427530d7b3f.exe	38
PID 336 wrote to memory of 572	336	NEAS.e57f413518cd934a2faac427530d7b3f.exe	38
PID 1096 wrote to memory of 1568	1096	NEAS.e57f413518cd934a2faac427530d7b3f.exe	43
PID 1096 wrote to memory of 1568	1096	NEAS.e57f413518cd934a2faac427530d7b3f.exe	43
PID 1096 wrote to memory of 1568	1096	NEAS.e57f413518cd934a2faac427530d7b3f.exe	43
PID 1096 wrote to memory of 1568	1096	NEAS.e57f413518cd934a2faac427530d7b3f.exe	43

C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        9⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        9⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        9⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        9⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:15132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:15068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:10344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:12388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:14396
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:11664
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:11160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:14460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:12504
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:14632
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:15268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:10188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:14444
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:11636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:15140
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:10360
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:12544
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:12488
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:5916
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:7396
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:10280
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:13176
- C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        7⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:15092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:15332
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:14808
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:15284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:14452
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:13112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:12932
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:12532
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:14736
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:14492
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:14132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:7388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:10304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:13144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:14648
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:5760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:8572
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:3300
- C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:548
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:13652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:11860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:11184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:10328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:12748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:15292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:4144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        6⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:13120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:15168
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:15340
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:13660
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:4464
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:7732
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:10728
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:11168
- C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:15308
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:13640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:11576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:9308
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:14552
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:10748
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:5908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:7540
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:13560
- C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:7036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:14412
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
        5⤵
        
        PID:14140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:13588
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:5104
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:7740
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:15316
- C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
  2⤵
  PID:1600
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:7524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
      4⤵
      PID:13668
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:4964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:3364
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:13548
- C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
  2⤵
  PID:3668
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:5784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:8740
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
    3⤵
    PID:15124
- C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
  2⤵
  PID:4732
- C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
  2⤵
  PID:7176
- C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e57f413518cd934a2faac427530d7b3f.exe"
  2⤵
  PID:6972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\fetish hardcore catfight ash pregnant (Liz).avi.exe

Filesize
1.3MB

MD5
339092dc61143e6db981cbb0788413ee

SHA1
dd8669cfc04f3d02228a632bf1b56a765661ddd1

SHA256
58810d2d5fa8b472121c5b9d51a6c2666f6e75ca0a7bc16afc83d869113e6827

SHA512
3a6b4570b80431cae673de639cc60f115471ea8a4c6aa954decec66a8a0ace75cb799e4217b1c3f3aee7b7b15f7f561a87b4aadd13866bb4f5b788fccaa9d177

Download Submit
memory/336-64-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/548-68-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/572-84-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/772-83-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/844-100-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/848-107-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/960-79-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/960-110-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1096-121-0x0000000004B50000-0x0000000004B70000-memory.dmp

Filesize
128KB

Download
memory/1096-109-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1108-114-0x0000000004760000-0x0000000004780000-memory.dmp

Filesize
128KB

Download
memory/1108-23-0x0000000004760000-0x0000000004780000-memory.dmp

Filesize
128KB

Download
memory/1108-21-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1108-46-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1108-60-0x0000000004740000-0x0000000004760000-memory.dmp

Filesize
128KB

Download
memory/1108-88-0x0000000004760000-0x0000000004780000-memory.dmp

Filesize
128KB

Download
memory/1108-166-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1108-94-0x0000000004760000-0x0000000004780000-memory.dmp

Filesize
128KB

Download
memory/1108-126-0x0000000004760000-0x0000000004780000-memory.dmp

Filesize
128KB

Download
memory/1108-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1108-62-0x0000000004760000-0x0000000004780000-memory.dmp

Filesize
128KB

Download
memory/1348-78-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1348-89-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/1348-123-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/1348-117-0x0000000004910000-0x0000000004930000-memory.dmp

Filesize
128KB

Download
memory/1388-102-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1480-95-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1516-108-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1524-104-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1536-99-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1568-122-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1596-120-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1600-116-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1644-81-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1716-112-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1732-91-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1840-105-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1924-101-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1996-80-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1996-111-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2068-97-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2148-103-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2208-76-0x0000000004580000-0x00000000045A0000-memory.dmp

Filesize
128KB

Download
memory/2208-61-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2208-87-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2208-115-0x0000000004590000-0x00000000045B0000-memory.dmp

Filesize
128KB

Download
memory/2208-125-0x0000000004590000-0x00000000045B0000-memory.dmp

Filesize
128KB

Download
memory/2252-93-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2272-63-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/2272-85-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2272-24-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2396-90-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2412-118-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2484-98-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2500-82-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2656-75-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2680-119-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2824-59-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/2824-22-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2824-77-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2824-86-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/2872-65-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2960-96-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2964-124-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2964-92-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3036-113-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download