f5bfd6cfdf1370570fbe75b934c181df89316ecee70ab6a3211d5e7084b3c928

Analysis

max time kernel
14s
max time network
122s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 08:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
Size

93KB
MD5

63608b1dd4a0090acddfd48660d6f1b5
SHA1

c6b0b9474fbcc1c5a5b535ee6f9523d0b290587c
SHA256

f5bfd6cfdf1370570fbe75b934c181df89316ecee70ab6a3211d5e7084b3c928
SHA512

a573594960cd953bb7e43859a200e6b95981faa6ba5294e42b4db1f162fdcd139c1ae67bc442e1bd6a5518b0d0f4f53a1e44658e7b6ce6674d2f585034b0fd2d
SSDEEP

1536:QRVCaKgzbLc54hukfgvYnouy8zV1Ayj4m/QWR/Rlq88vlnRqPR/1aViDRknJM2Sv:YjbLl/gvQoutR1Tj4mYWR/R4nkPR/1ag

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1916-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2976-5-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/files/0x0008000000015c47-6.dat	upx
behavioral1/memory/1916-11-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2596-12-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2500-52-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2976-53-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2496-55-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2180-56-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2524-58-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3036-64-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1492-63-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1180-62-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2596-66-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/904-67-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2500-69-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2180-70-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/520-73-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1180-72-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1492-74-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2376-76-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2364-75-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/904-84-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2500-85-0x0000000004A50000-0x0000000004A70000-memory.dmp	upx
behavioral1/memory/2720-86-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2768-87-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1128-92-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2088-93-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2808-91-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2232-89-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2828-90-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2208-94-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2712-88-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/792-97-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1508-95-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1556-98-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1872-99-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/520-101-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1292-107-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1404-108-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2376-104-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2096-106-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3012-109-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1720-110-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2808-116-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1128-117-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2088-118-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2828-115-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2768-114-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2720-113-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1424-121-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3024-122-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1916-120-0x0000000005250000-0x0000000005270000-memory.dmp	upx
behavioral1/memory/1992-119-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1576-123-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1872-126-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2600-127-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\A:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\E:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\M:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\O:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\R:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\S:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\V:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\I:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\X:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\G:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\H:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\K:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\P:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\Q:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\U:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\Z:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\B:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\J:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\L:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\N:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\T:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File opened (read-only)	\??\W:	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\handjob voyeur traffic .avi.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\norwegian animal catfight bedroom .rar.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\french nude handjob several models .zip.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files (x86)\Google\Update\Download\xxx cum sleeping circumcision (Melissa).zip.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\german nude lesbian masturbation boots .zip.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\indian trambling horse [free] (Ashley).avi.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american bukkake full movie .mpg.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\beast hardcore catfight upskirt .avi.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\american nude licking gorgeoushorny .mpeg.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\canadian sperm horse girls .mpeg.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files\DVD Maker\Shared\cum sleeping .zip.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files\Windows Journal\Templates\handjob cum big feet shoes .mpg.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian bukkake catfight glans .mpeg.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\italian porn xxx big swallow .rar.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Program Files (x86)\Google\Temp\japanese hardcore several models cock fishy .mpeg.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe

Drops file in Windows directory 14 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\norwegian handjob horse catfight hole shoes .avi.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish cumshot cumshot hidden hole .rar.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\french hardcore masturbation .rar.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Windows\mssrv.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\beast lesbian [free] swallow (Jade).rar.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\malaysia gang bang handjob masturbation vagina (Sandy,Gina).mpeg.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian xxx lesbian .mpg.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\african gay hardcore girls high heels .mpg.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\indian nude [milf] .rar.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\cumshot girls ejaculation .zip.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\horse [milf] .avi.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\beastiality kicking masturbation ash hairy .mpg.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\blowjob masturbation .zip.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\chinese bukkake masturbation young .zip.exe	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
3036	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2596	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2500	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2496	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
3036	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2524	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2180	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2596	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
1180	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
1492	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2500	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2364	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
3036	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
904	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
1508	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
1556	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2496	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
520	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2376	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2524	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2596	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2180	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2712	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
2720	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2976	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	28
PID 1916 wrote to memory of 2976	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	28
PID 1916 wrote to memory of 2976	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	28
PID 1916 wrote to memory of 2976	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	28
PID 2976 wrote to memory of 3036	2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	29
PID 2976 wrote to memory of 3036	2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	29
PID 2976 wrote to memory of 3036	2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	29
PID 2976 wrote to memory of 3036	2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	29
PID 1916 wrote to memory of 2596	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	30
PID 1916 wrote to memory of 2596	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	30
PID 1916 wrote to memory of 2596	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	30
PID 1916 wrote to memory of 2596	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	30
PID 3036 wrote to memory of 2500	3036	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	31
PID 3036 wrote to memory of 2500	3036	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	31
PID 3036 wrote to memory of 2500	3036	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	31
PID 3036 wrote to memory of 2500	3036	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	31
PID 2596 wrote to memory of 2496	2596	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	34
PID 2596 wrote to memory of 2496	2596	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	34
PID 2596 wrote to memory of 2496	2596	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	34
PID 2596 wrote to memory of 2496	2596	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	34
PID 2976 wrote to memory of 2524	2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	33
PID 2976 wrote to memory of 2524	2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	33
PID 2976 wrote to memory of 2524	2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	33
PID 2976 wrote to memory of 2524	2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	33
PID 1916 wrote to memory of 2180	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	32
PID 1916 wrote to memory of 2180	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	32
PID 1916 wrote to memory of 2180	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	32
PID 1916 wrote to memory of 2180	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	32
PID 2500 wrote to memory of 1180	2500	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	35
PID 2500 wrote to memory of 1180	2500	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	35
PID 2500 wrote to memory of 1180	2500	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	35
PID 2500 wrote to memory of 1180	2500	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	35
PID 3036 wrote to memory of 1492	3036	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	37
PID 3036 wrote to memory of 1492	3036	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	37
PID 3036 wrote to memory of 1492	3036	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	37
PID 3036 wrote to memory of 1492	3036	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	37
PID 2496 wrote to memory of 2364	2496	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	36
PID 2496 wrote to memory of 2364	2496	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	36
PID 2496 wrote to memory of 2364	2496	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	36
PID 2496 wrote to memory of 2364	2496	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	36
PID 1916 wrote to memory of 904	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	38
PID 1916 wrote to memory of 904	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	38
PID 1916 wrote to memory of 904	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	38
PID 1916 wrote to memory of 904	1916	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	38
PID 2976 wrote to memory of 1508	2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	40
PID 2976 wrote to memory of 1508	2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	40
PID 2976 wrote to memory of 1508	2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	40
PID 2976 wrote to memory of 1508	2976	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	40
PID 2596 wrote to memory of 1556	2596	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	39
PID 2596 wrote to memory of 1556	2596	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	39
PID 2596 wrote to memory of 1556	2596	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	39
PID 2596 wrote to memory of 1556	2596	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	39
PID 2524 wrote to memory of 520	2524	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	41
PID 2524 wrote to memory of 520	2524	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	41
PID 2524 wrote to memory of 520	2524	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	41
PID 2524 wrote to memory of 520	2524	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	41
PID 2180 wrote to memory of 2376	2180	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	42
PID 2180 wrote to memory of 2376	2180	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	42
PID 2180 wrote to memory of 2376	2180	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	42
PID 2180 wrote to memory of 2376	2180	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	42
PID 1180 wrote to memory of 2768	1180	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	43
PID 1180 wrote to memory of 2768	1180	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	43
PID 1180 wrote to memory of 2768	1180	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	43
PID 1180 wrote to memory of 2768	1180	NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe	43

C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        9⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        10⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        10⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        9⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        9⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        9⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        9⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        9⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:12856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:12972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:14380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:15176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:13192
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        9⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:12692
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:11688
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        8⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:11080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:18216
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11360
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:10940
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:13208
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:13216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:12872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:12888
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:14396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:15108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:8536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:12652
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:10728
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:10924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:5852
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:9452
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:12988
- C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        7⤵
        
        PID:18168
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:14404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:10100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:12864
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:12548
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:10900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:12740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:11180
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:8284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:12636
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:12684
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:7404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:12840
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:15216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:10752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:5004
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:15208
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:11588
- C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2180
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:12904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:11212
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:10108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:14388
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:13544
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:12612
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:6044
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:11272
- C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:10720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        6⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:12716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:11220
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:11152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:9612
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:5720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:9312
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:12956
- C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
  2⤵
  PID:2088
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
        5⤵
        
        PID:13176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:11860
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:11236
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:4996
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:7060
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:11580
- C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
  2⤵
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:4684
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:7884
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:10932
- C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
  2⤵
  PID:3728
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
      4⤵
      PID:12832
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:9856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:13292
- C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
  2⤵
  PID:5100
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:9924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
    3⤵
    PID:12588
- C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
  2⤵
  PID:6764
- C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.63608b1dd4a0090acddfd48660d6f1b5.exe"
  2⤵
  PID:11064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\russian bukkake catfight glans .mpeg.exe

Filesize
1.6MB

MD5
63794502ef2973ee43b7fd752d2e5973

SHA1
67ed6cd0bda678e1b6ccd452c4454a156c93aa43

SHA256
b50113aaf5b81071a34c4ba0aa94fd09754d24b4c976c0f349c3ffc89a1598f4

SHA512
c7a0539f60b623a93fbc1bb7204075f398be01ff7636a42480ee2e33ba19f90044cf3d2c94454f928907564864cd839f7ac148ae00419503f53cd4324d3ca418

Download Submit
memory/520-73-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/520-101-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/792-97-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/904-67-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/904-84-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1128-92-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1128-117-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1180-72-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1180-62-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1292-107-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1404-108-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1424-121-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1492-63-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1492-74-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1508-95-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1508-96-0x0000000004580000-0x00000000045A0000-memory.dmp

Filesize
128KB

Download
memory/1556-98-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1576-123-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1720-110-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1872-99-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1872-126-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1916-54-0x0000000005570000-0x0000000005590000-memory.dmp

Filesize
128KB

Download
memory/1916-120-0x0000000005250000-0x0000000005270000-memory.dmp

Filesize
128KB

Download
memory/1916-11-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1916-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1992-119-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2088-93-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2088-118-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2096-106-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2180-70-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2180-56-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2208-94-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2232-89-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2364-75-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2376-76-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2376-104-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2496-125-0x00000000045E0000-0x0000000004600000-memory.dmp

Filesize
128KB

Download
memory/2496-65-0x0000000001E90000-0x0000000001EB0000-memory.dmp

Filesize
128KB

Download
memory/2496-55-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2500-52-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2500-85-0x0000000004A50000-0x0000000004A70000-memory.dmp

Filesize
128KB

Download
memory/2500-69-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2524-100-0x00000000047B0000-0x00000000047D0000-memory.dmp

Filesize
128KB

Download
memory/2524-58-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2524-71-0x00000000047B0000-0x00000000047D0000-memory.dmp

Filesize
128KB

Download
memory/2596-66-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2596-68-0x00000000045D0000-0x00000000045F0000-memory.dmp

Filesize
128KB

Download
memory/2596-12-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2600-127-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2712-88-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2720-86-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2720-113-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2768-87-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2768-114-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2808-116-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2808-91-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2828-90-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2828-115-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2976-53-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2976-5-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3012-109-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3024-122-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3036-51-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/3036-64-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download