ab0af9de8d297ffd7c1e554a4a9b00181eadf9c295f49851f85a6030d5da35cf

Analysis

max time kernel
24s
max time network
135s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.eb740b495a33785a50133ca33ce6f800.exe
Size

270KB
MD5

eb740b495a33785a50133ca33ce6f800
SHA1

c8545bc196eb5c2c57da0be174907c21be24ab83
SHA256

ab0af9de8d297ffd7c1e554a4a9b00181eadf9c295f49851f85a6030d5da35cf
SHA512

73896ba7d6122869089ec9a5433e9e3e391862645c1ea25916a8ba381082b0fb0da9684eb1502e0fef678330f859bb279cda282a4e97df1b490015bcac290a7f
SSDEEP

6144:CjluQoSIIo5RK8fs4+zGSF4GcZA4WVCcWjwh5UpWzt4AJHSWfuYp:CEQoSs7cGXq4ljwFvXp

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 54 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2996-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000016adb-5.dat	upx
behavioral1/memory/2996-42-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2516-45-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2996-46-0x0000000004EC0000-0x0000000004EDF000-memory.dmp	upx
behavioral1/memory/1924-47-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/324-49-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2996-48-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2752-50-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2824-52-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2440-54-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2792-55-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2876-56-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1028-58-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2820-57-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2924-59-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1492-60-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2548-62-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1512-63-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2108-64-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2472-65-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1288-66-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2080-67-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2380-68-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2496-69-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1684-70-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2576-71-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1252-73-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1148-74-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2096-75-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1332-76-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1924-77-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/324-78-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1880-79-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/440-80-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1720-81-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2924-83-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1684-84-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1880-86-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2084-88-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/988-89-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1392-90-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1876-92-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1032-93-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1040-94-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1700-95-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1712-98-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2268-100-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3060-99-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1016-102-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2308-103-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3044-104-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1964-106-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2996-151-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.eb740b495a33785a50133ca33ce6f800.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\E:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\L:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\P:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\X:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\Z:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\I:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\J:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\V:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\U:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\A:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\H:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\M:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\N:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\O:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\Q:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\S:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\W:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\Y:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\G:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\K:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\R:	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File opened (read-only)	\??\T:	NEAS.eb740b495a33785a50133ca33ce6f800.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\indian horse fucking hidden (Sylvia).mpeg.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files\DVD Maker\Shared\bukkake hidden bondage .mpeg.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\italian animal lesbian [bangbus] swallow .mpg.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian animal horse lesbian .mpg.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\brasilian porn lesbian big cock hairy .mpeg.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\russian gang bang lingerie hot (!) titts .zip.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\xxx full movie glans hotel (Janette).mpeg.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\italian cum xxx sleeping blondie (Sonja,Jade).mpg.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files (x86)\Google\Temp\black nude lesbian [free] pregnant .avi.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\swedish handjob lesbian full movie glans mature (Karin).avi.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish gang bang horse uncut cock .rar.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish gang bang beast lesbian (Jade).rar.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files\Common Files\Microsoft Shared\italian cumshot trambling hot (!) .zip.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files\Windows Journal\Templates\indian horse lingerie hot (!) upskirt (Christine,Jade).zip.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie [bangbus] traffic .avi.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\lingerie girls feet beautyfull (Janette).avi.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\brasilian horse lingerie big granny .mpeg.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\danish handjob horse lesbian shoes .avi.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\danish action blowjob hot (!) boots .rar.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\swedish kicking bukkake full movie cock (Ashley,Karin).mpeg.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese kicking lingerie big cock young .mpg.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\italian handjob bukkake uncut .zip.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Windows\mssrv.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian beastiality trambling uncut feet .avi.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie hot (!) (Jade).mpg.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\hardcore uncut .rar.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian porn bukkake hot (!) cock penetration .mpeg.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\black animal bukkake licking .rar.exe	NEAS.eb740b495a33785a50133ca33ce6f800.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2516	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1332	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1924	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2496	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2576	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2096	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1148	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2516	NEAS.eb740b495a33785a50133ca33ce6f800.exe
324	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2824	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1720	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2440	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1924	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2820	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2792	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2876	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1332	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2516	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2496	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1028	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2096	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1492	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2576	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2924	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1148	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1512	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1288	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2108	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2824	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2824	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2080	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2080	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2472	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2472	NEAS.eb740b495a33785a50133ca33ce6f800.exe
324	NEAS.eb740b495a33785a50133ca33ce6f800.exe
324	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2380	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2380	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1720	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1720	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1684	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1684	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1252	NEAS.eb740b495a33785a50133ca33ce6f800.exe
1252	NEAS.eb740b495a33785a50133ca33ce6f800.exe
2440	NEAS.eb740b495a33785a50133ca33ce6f800.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2752	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	28
PID 2996 wrote to memory of 2752	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	28
PID 2996 wrote to memory of 2752	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	28
PID 2996 wrote to memory of 2752	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	28
PID 2752 wrote to memory of 2548	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	29
PID 2752 wrote to memory of 2548	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	29
PID 2752 wrote to memory of 2548	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	29
PID 2752 wrote to memory of 2548	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	29
PID 2752 wrote to memory of 2496	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	31
PID 2752 wrote to memory of 2496	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	31
PID 2752 wrote to memory of 2496	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	31
PID 2752 wrote to memory of 2496	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	31
PID 2996 wrote to memory of 2516	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	30
PID 2996 wrote to memory of 2516	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	30
PID 2996 wrote to memory of 2516	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	30
PID 2996 wrote to memory of 2516	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	30
PID 2548 wrote to memory of 2576	2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe	32
PID 2548 wrote to memory of 2576	2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe	32
PID 2548 wrote to memory of 2576	2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe	32
PID 2548 wrote to memory of 2576	2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe	32
PID 2752 wrote to memory of 1148	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	33
PID 2752 wrote to memory of 1148	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	33
PID 2752 wrote to memory of 1148	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	33
PID 2752 wrote to memory of 1148	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	33
PID 2996 wrote to memory of 2096	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	34
PID 2996 wrote to memory of 2096	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	34
PID 2996 wrote to memory of 2096	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	34
PID 2996 wrote to memory of 2096	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	34
PID 2548 wrote to memory of 1332	2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe	35
PID 2548 wrote to memory of 1332	2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe	35
PID 2548 wrote to memory of 1332	2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe	35
PID 2548 wrote to memory of 1332	2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe	35
PID 2516 wrote to memory of 1924	2516	NEAS.eb740b495a33785a50133ca33ce6f800.exe	36
PID 2516 wrote to memory of 1924	2516	NEAS.eb740b495a33785a50133ca33ce6f800.exe	36
PID 2516 wrote to memory of 1924	2516	NEAS.eb740b495a33785a50133ca33ce6f800.exe	36
PID 2516 wrote to memory of 1924	2516	NEAS.eb740b495a33785a50133ca33ce6f800.exe	36
PID 2752 wrote to memory of 324	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	37
PID 2752 wrote to memory of 324	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	37
PID 2752 wrote to memory of 324	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	37
PID 2752 wrote to memory of 324	2752	NEAS.eb740b495a33785a50133ca33ce6f800.exe	37
PID 2996 wrote to memory of 2824	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	38
PID 2996 wrote to memory of 2824	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	38
PID 2996 wrote to memory of 2824	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	38
PID 2996 wrote to memory of 2824	2996	NEAS.eb740b495a33785a50133ca33ce6f800.exe	38
PID 2548 wrote to memory of 1720	2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe	39
PID 2548 wrote to memory of 1720	2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe	39
PID 2548 wrote to memory of 1720	2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe	39
PID 2548 wrote to memory of 1720	2548	NEAS.eb740b495a33785a50133ca33ce6f800.exe	39
PID 1924 wrote to memory of 2440	1924	NEAS.eb740b495a33785a50133ca33ce6f800.exe	40
PID 1924 wrote to memory of 2440	1924	NEAS.eb740b495a33785a50133ca33ce6f800.exe	40
PID 1924 wrote to memory of 2440	1924	NEAS.eb740b495a33785a50133ca33ce6f800.exe	40
PID 1924 wrote to memory of 2440	1924	NEAS.eb740b495a33785a50133ca33ce6f800.exe	40
PID 2496 wrote to memory of 2792	2496	NEAS.eb740b495a33785a50133ca33ce6f800.exe	44
PID 2496 wrote to memory of 2792	2496	NEAS.eb740b495a33785a50133ca33ce6f800.exe	44
PID 2496 wrote to memory of 2792	2496	NEAS.eb740b495a33785a50133ca33ce6f800.exe	44
PID 2496 wrote to memory of 2792	2496	NEAS.eb740b495a33785a50133ca33ce6f800.exe	44
PID 1332 wrote to memory of 2820	1332	NEAS.eb740b495a33785a50133ca33ce6f800.exe	41
PID 1332 wrote to memory of 2820	1332	NEAS.eb740b495a33785a50133ca33ce6f800.exe	41
PID 1332 wrote to memory of 2820	1332	NEAS.eb740b495a33785a50133ca33ce6f800.exe	41
PID 1332 wrote to memory of 2820	1332	NEAS.eb740b495a33785a50133ca33ce6f800.exe	41
PID 2516 wrote to memory of 2876	2516	NEAS.eb740b495a33785a50133ca33ce6f800.exe	43
PID 2516 wrote to memory of 2876	2516	NEAS.eb740b495a33785a50133ca33ce6f800.exe	43
PID 2516 wrote to memory of 2876	2516	NEAS.eb740b495a33785a50133ca33ce6f800.exe	43
PID 2516 wrote to memory of 2876	2516	NEAS.eb740b495a33785a50133ca33ce6f800.exe	43

C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        9⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        9⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        9⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13044
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:13568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12236
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:12924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12588
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:8300
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:324
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:11868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:13352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:13156
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:12276
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:11988
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:12820
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:12100
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:11668
- C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2516
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:13520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:13732
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:13860
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12836
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:10212
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:12228
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:12900
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:13748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:13108
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3244
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:12300
- C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        7⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:11772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:13384
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:13140
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:13196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:12844
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12548
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:13440
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:13300
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:11692
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:13124
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:11756
- C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:9472
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        6⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:12068
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:11836
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:11996
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:13284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:12076
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:13360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:13308
- C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2080
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:11972
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:12052
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
        5⤵
        
        PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:12060
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:13228
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:11884
- C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
  2⤵
  PID:1940
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:11788
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:3640
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:12292
- C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
  2⤵
  PID:3940
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
      4⤵
      PID:13432
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:12916
- C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
  2⤵
  PID:5732
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:13164
- C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
  2⤵
  PID:7984
- - C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
    3⤵
    PID:13320
- C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.eb740b495a33785a50133ca33ce6f800.exe"
  2⤵
  PID:13416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie [bangbus] traffic .avi.exe

Filesize
347KB

MD5
bcd86a7adc60ab80a32a552ce8b785f4

SHA1
1ff2372d86c37e0b3df29697ee08afe54b00ef1c

SHA256
7e09273675681e278e81c29ca25e0ae1f440c4bf8008ac78a48b2ebf3cae8680

SHA512
0488dba3fa6c4fec3e9f4a48680b1cb4601902ed7f5e500744ab1ed8a5686f0edb69c34141e9eeeb984adae4b6d58e75d35d8357742619ffb6737897fce8a1af

Download Submit
memory/324-78-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/324-49-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/440-80-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/988-89-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1016-102-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1028-58-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1032-93-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1040-94-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1148-74-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1252-73-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1288-97-0x00000000047D0000-0x00000000047EF000-memory.dmp

Filesize
124KB

Download
memory/1288-66-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1332-76-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1392-90-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1492-91-0x00000000045C0000-0x00000000045DF000-memory.dmp

Filesize
124KB

Download
memory/1492-60-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1512-63-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1684-84-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1684-70-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1700-95-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1712-98-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1720-81-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1720-105-0x0000000001F70000-0x0000000001F8F000-memory.dmp

Filesize
124KB

Download
memory/1876-92-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1880-86-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1880-79-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1924-85-0x0000000001F10000-0x0000000001F2F000-memory.dmp

Filesize
124KB

Download
memory/1924-47-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1924-72-0x0000000001F10000-0x0000000001F2F000-memory.dmp

Filesize
124KB

Download
memory/1924-77-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1924-53-0x0000000001EC0000-0x0000000001EDF000-memory.dmp

Filesize
124KB

Download
memory/1964-106-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2080-67-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2084-88-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2096-75-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2108-101-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/2108-64-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2268-100-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2308-103-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2380-68-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2440-54-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2472-65-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2496-69-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2516-45-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2548-62-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2576-71-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2752-50-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2752-51-0x00000000045F0000-0x000000000460F000-memory.dmp

Filesize
124KB

Download
memory/2752-43-0x0000000001ED0000-0x0000000001EEF000-memory.dmp

Filesize
124KB

Download
memory/2792-55-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2820-87-0x0000000001FD0000-0x0000000001FEF000-memory.dmp

Filesize
124KB

Download
memory/2820-57-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2824-107-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/2824-96-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/2824-52-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2876-56-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2924-59-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2924-83-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2996-46-0x0000000004EC0000-0x0000000004EDF000-memory.dmp

Filesize
124KB

Download
memory/2996-42-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2996-48-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2996-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2996-44-0x00000000051E0000-0x00000000051FF000-memory.dmp

Filesize
124KB

Download
memory/2996-151-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3044-104-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3060-99-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download