579034e8ecd2e8ca67af72a8a35561745a79f8d1e3eaebd3444cbb543cf74491

Analysis

max time kernel
126s
max time network
52s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
Size

1.4MB
MD5

c2b7d4e7bb2fa8c69e09ae5d75a9e5f0
SHA1

cc6e79dc9611e3f69402c46583564b00448de8a8
SHA256

579034e8ecd2e8ca67af72a8a35561745a79f8d1e3eaebd3444cbb543cf74491
SHA512

51566a3f76e5777ec684b5cc2cf0e78cb77af31cdcd4417ec13a44c251ecb37692667cecec22d5f2077740a7f2733c08a7c90994bb5786606321eae93cb05888
SSDEEP

24576:NSLhul9bbFm5T6TgB8SnFApBoPD/d+p95lrvlJFVwvZPeBH6jkfXsstR05Ja7gmo:NVl9R2BLiePDEp95lRWP4UqXs+u5JaNo

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 41 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2540-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2540-3-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2540-6-0x0000000004840000-0x000000000485E000-memory.dmp	upx
behavioral1/memory/2520-7-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/files/0x0026000000016c67-9.dat	upx
behavioral1/memory/548-34-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1476-35-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1188-68-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2520-74-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3000-76-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/548-77-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1476-78-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2924-86-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1788-87-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1064-88-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2112-90-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2924-91-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2592-99-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2824-100-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/572-101-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1252-102-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2828-103-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2604-104-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2816-105-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2920-106-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2544-107-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3124-108-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3176-110-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3164-111-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1788-112-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3324-116-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1924-117-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2824-123-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2592-122-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/572-124-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1252-125-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2828-126-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2604-127-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2816-128-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2920-129-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2544-130-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\E:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\G:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\H:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\L:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\S:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\X:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\P:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\R:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\Y:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\B:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\K:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\M:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\N:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\V:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\W:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\Z:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\I:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\J:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\O:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\Q:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\T:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File opened (read-only)	\??\U:	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\xxx full movie mature (Jenna,Karin).mpeg.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\hardcore [bangbus] cock wifey .rar.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\lesbian several models hairy .mpeg.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\american animal lesbian several models hole (Christine,Samantha).rar.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\japanese handjob bukkake hidden glans (Britney,Janette).avi.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\american horse horse masturbation hole .avi.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files (x86)\Google\Temp\fucking licking .avi.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files (x86)\Google\Update\Download\bukkake masturbation redhair .avi.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black cum blowjob catfight sm .zip.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\japanese gang bang sperm hot (!) cock (Sandy,Jade).mpeg.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish kicking lingerie voyeur (Tatjana).avi.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files\DVD Maker\Shared\japanese beastiality xxx several models (Janette).mpeg.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files\Windows Journal\Templates\black handjob fucking several models .rar.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\american cumshot sperm public sweet (Sonja,Samantha).mpg.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish kicking fucking big castration .mpg.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe

Drops file in Windows directory 17 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\fucking catfight feet fishy .zip.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian action xxx [bangbus] castration .rar.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian fetish xxx uncut hole fishy .avi.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\fetish trambling girls .rar.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black fetish lingerie hidden (Sarah).mpeg.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\tmp\swedish fetish hardcore licking glans high heels (Melissa).mpg.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\russian horse lingerie licking feet (Sandy,Tatjana).rar.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\tyrkish horse lingerie catfight feet ¼ç (Janette).rar.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\black horse blowjob voyeur pregnant .mpg.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\horse [free] glans circumcision .rar.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black porn hardcore licking (Karin).rar.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\swedish fetish gay girls feet .mpeg.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\danish porn lesbian [free] (Samantha).zip.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\horse public pregnant .rar.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\temp\hardcore [free] (Janette).mpeg.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\mssrv.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\swedish horse fucking big hole sm .rar.exe	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
548	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1476	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1188	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1448	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2040	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
548	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1476	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1752	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2800	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1808	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1636	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1448	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
840	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
548	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1704	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2336	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1188	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1476	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2080	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
3000	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2040	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1752	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
820	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
400	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1324	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1044	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1448	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
548	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2800	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1636	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1700	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1048	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1496	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1624	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1188	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1808	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2924	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1788	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1064	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1924	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2112	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2908	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1476	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2780	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2040	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2040	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1704	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1704	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
840	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
840	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2336	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
2336	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
1752	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2520	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	27
PID 2540 wrote to memory of 2520	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	27
PID 2540 wrote to memory of 2520	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	27
PID 2540 wrote to memory of 2520	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	27
PID 2520 wrote to memory of 548	2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	28
PID 2520 wrote to memory of 548	2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	28
PID 2520 wrote to memory of 548	2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	28
PID 2520 wrote to memory of 548	2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	28
PID 2540 wrote to memory of 1476	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	29
PID 2540 wrote to memory of 1476	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	29
PID 2540 wrote to memory of 1476	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	29
PID 2540 wrote to memory of 1476	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	29
PID 548 wrote to memory of 1448	548	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	30
PID 548 wrote to memory of 1448	548	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	30
PID 548 wrote to memory of 1448	548	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	30
PID 548 wrote to memory of 1448	548	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	30
PID 1476 wrote to memory of 1188	1476	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	32
PID 1476 wrote to memory of 1188	1476	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	32
PID 1476 wrote to memory of 1188	1476	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	32
PID 1476 wrote to memory of 1188	1476	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	32
PID 2520 wrote to memory of 2040	2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	31
PID 2520 wrote to memory of 2040	2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	31
PID 2520 wrote to memory of 2040	2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	31
PID 2520 wrote to memory of 2040	2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	31
PID 2540 wrote to memory of 1752	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	33
PID 2540 wrote to memory of 1752	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	33
PID 2540 wrote to memory of 1752	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	33
PID 2540 wrote to memory of 1752	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	33
PID 1448 wrote to memory of 2800	1448	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	34
PID 1448 wrote to memory of 2800	1448	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	34
PID 1448 wrote to memory of 2800	1448	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	34
PID 1448 wrote to memory of 2800	1448	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	34
PID 1188 wrote to memory of 1808	1188	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	35
PID 1188 wrote to memory of 1808	1188	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	35
PID 1188 wrote to memory of 1808	1188	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	35
PID 1188 wrote to memory of 1808	1188	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	35
PID 548 wrote to memory of 840	548	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	36
PID 548 wrote to memory of 840	548	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	36
PID 548 wrote to memory of 840	548	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	36
PID 548 wrote to memory of 840	548	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	36
PID 1476 wrote to memory of 1636	1476	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	38
PID 1476 wrote to memory of 1636	1476	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	38
PID 1476 wrote to memory of 1636	1476	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	38
PID 1476 wrote to memory of 1636	1476	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	38
PID 2520 wrote to memory of 1704	2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	37
PID 2520 wrote to memory of 1704	2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	37
PID 2520 wrote to memory of 1704	2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	37
PID 2520 wrote to memory of 1704	2520	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	37
PID 2540 wrote to memory of 2336	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	39
PID 2540 wrote to memory of 2336	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	39
PID 2540 wrote to memory of 2336	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	39
PID 2540 wrote to memory of 2336	2540	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	39
PID 2040 wrote to memory of 3000	2040	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	40
PID 2040 wrote to memory of 3000	2040	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	40
PID 2040 wrote to memory of 3000	2040	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	40
PID 2040 wrote to memory of 3000	2040	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	40
PID 1752 wrote to memory of 2080	1752	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	41
PID 1752 wrote to memory of 2080	1752	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	41
PID 1752 wrote to memory of 2080	1752	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	41
PID 1752 wrote to memory of 2080	1752	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	41
PID 1448 wrote to memory of 1324	1448	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	45
PID 1448 wrote to memory of 1324	1448	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	45
PID 1448 wrote to memory of 1324	1448	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	45
PID 1448 wrote to memory of 1324	1448	NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe	45

C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:548
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        9⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        8⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        8⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        8⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        8⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        8⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        8⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        8⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:9944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:9744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:11160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:13876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:10356
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:12164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:13260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:11676
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:9224
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:9672
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:13252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:15028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:9772
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:13368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:13432
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:9612
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:9632
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:6596
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:4504
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:9984
- C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1476
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:10088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:13864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:13220
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:12252
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:10164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:9460
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:13512
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:8168
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:10044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:10388
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:9720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:14088
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:10132
- C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        7⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:9700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:10080
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:13496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:9184
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:10036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:11360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:9200
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:5412
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:10116
- C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:9644
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:12172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:11668
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:10372
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:13488
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:10192
- C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        6⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
        5⤵
        
        PID:10364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:10220
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:11348
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:5536
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:10396
- C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
  2⤵
  PID:1504
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:10012
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:14664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:10124
- C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
  2⤵
  PID:3552
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
      4⤵
      PID:13308
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:10180
- C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
  2⤵
  PID:5000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
    3⤵
    PID:7832
- C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
  2⤵
  PID:7356
- C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.c2b7d4e7bb2fa8c69e09ae5d75a9e5f0.exe"
  2⤵
  PID:13276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\american cumshot sperm public sweet (Sonja,Samantha).mpg.exe

Filesize
179KB

MD5
05bffae5a56d6c2cd3d21e5dcce1a887

SHA1
d7bb59f7802f7d98435aae24ba5ef3d742227a92

SHA256
73b99a5df42d32f5ae9a685125809792ef84ea1a44c2aae4596a740dd7fb3a0d

SHA512
e7f0f2f4dc49fe02608ddda9ac0b091b689f2def5a7b5dc8c3d406298fc73fe3d850b457b7ec7c4c08ed78ffa61d47bd77eab533e6486b106378292dd8a42b81

Download Submit
memory/400-96-0x00000000047B0000-0x00000000047CE000-memory.dmp

Filesize
120KB

Download
memory/548-66-0x00000000047D0000-0x00000000047EE000-memory.dmp

Filesize
120KB

Download
memory/548-79-0x00000000047D0000-0x00000000047EE000-memory.dmp

Filesize
120KB

Download
memory/548-77-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/548-34-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/548-82-0x0000000004910000-0x000000000492E000-memory.dmp

Filesize
120KB

Download
memory/572-124-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/572-101-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/840-115-0x00000000045D0000-0x00000000045EE000-memory.dmp

Filesize
120KB

Download
memory/1064-98-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/1064-121-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/1064-88-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1188-68-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1252-102-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1252-125-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1324-113-0x0000000004520000-0x000000000453E000-memory.dmp

Filesize
120KB

Download
memory/1448-81-0x0000000004920000-0x000000000493E000-memory.dmp

Filesize
120KB

Download
memory/1448-75-0x00000000043F0000-0x000000000440E000-memory.dmp

Filesize
120KB

Download
memory/1476-35-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1476-83-0x0000000004A50000-0x0000000004A6E000-memory.dmp

Filesize
120KB

Download
memory/1476-69-0x00000000047B0000-0x00000000047CE000-memory.dmp

Filesize
120KB

Download
memory/1476-89-0x0000000004A50000-0x0000000004A6E000-memory.dmp

Filesize
120KB

Download
memory/1476-78-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1496-119-0x0000000001F20000-0x0000000001F3E000-memory.dmp

Filesize
120KB

Download
memory/1752-85-0x00000000006F0000-0x000000000070E000-memory.dmp

Filesize
120KB

Download
memory/1788-112-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1788-87-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1924-117-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2112-90-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2520-67-0x00000000021F0000-0x000000000220E000-memory.dmp

Filesize
120KB

Download
memory/2520-84-0x00000000046F0000-0x000000000470E000-memory.dmp

Filesize
120KB

Download
memory/2520-74-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2520-80-0x00000000021F0000-0x000000000220E000-memory.dmp

Filesize
120KB

Download
memory/2520-33-0x00000000021A0000-0x00000000021BE000-memory.dmp

Filesize
120KB

Download
memory/2520-7-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2540-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2540-6-0x0000000004840000-0x000000000485E000-memory.dmp

Filesize
120KB

Download
memory/2540-3-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2544-130-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2544-107-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2592-99-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2592-122-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2604-104-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2604-127-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2612-118-0x0000000004900000-0x000000000491E000-memory.dmp

Filesize
120KB

Download
memory/2816-105-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2816-128-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2824-123-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2824-100-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2828-103-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2828-126-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2908-114-0x00000000044E0000-0x00000000044FE000-memory.dmp

Filesize
120KB

Download
memory/2920-106-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2920-129-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2924-91-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2924-120-0x0000000001DD0000-0x0000000001DEE000-memory.dmp

Filesize
120KB

Download
memory/2924-97-0x0000000001DD0000-0x0000000001DEE000-memory.dmp

Filesize
120KB

Download
memory/2924-86-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3000-109-0x0000000004900000-0x000000000491E000-memory.dmp

Filesize
120KB

Download
memory/3000-76-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3124-108-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3164-111-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3176-110-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3324-116-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download