eed7c4322ff2f25f0384a18137820dd884c72821ebc340f7a68f87788d1d2d36

Analysis

max time kernel
15s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
Size

916KB
MD5

aa3baca9ddee6896b69da435724e0cb0
SHA1

fd7f96563db81aac5ba782e407d0de6744760be0
SHA256

eed7c4322ff2f25f0384a18137820dd884c72821ebc340f7a68f87788d1d2d36
SHA512

bd48adf9382337845aaf4afb78957bfdfa94b668f0bc63603c06d493ab8964e49508e557a89b6138255012896de22046aed1ad3f16355cadb79170a7fe84941d
SSDEEP

24576:NSLPZnBqe5GOyvg7V7+Fhty78qVtYHT28OIb5A2B5k+wzZ:NWBqe5vyq+Fhtgd7IqXo5HB5UZ

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 36 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1368-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/files/0x0008000000015c2f-5.dat	upx
behavioral1/memory/2632-19-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2632-53-0x00000000006F0000-0x000000000070E000-memory.dmp	upx
behavioral1/memory/2540-54-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1368-55-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2520-57-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2632-59-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2800-61-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2520-63-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1708-65-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1136-68-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1708-73-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1384-75-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2276-79-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2904-78-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2576-80-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1360-86-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2240-87-0x0000000004910000-0x000000000492E000-memory.dmp	upx
behavioral1/memory/1384-89-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2276-94-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2904-93-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2576-95-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1508-96-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2192-103-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2620-105-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1508-106-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2504-109-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2620-114-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1620-115-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2836-118-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2700-119-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1404-122-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3084-138-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3944-145-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3844-146-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\H:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\M:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\R:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\U:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\W:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\Y:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\J:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\O:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\P:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\S:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\K:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\L:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\T:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\N:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\Q:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\V:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\X:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\A:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\B:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\G:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\I:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File opened (read-only)	\??\Z:	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black horse lesbian [free] mistress .mpeg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\black fetish horse [milf] feet .mpeg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\blowjob lesbian titts ejaculation .zip.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\american cumshot bukkake catfight upskirt .zip.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files\Windows Journal\Templates\danish gang bang bukkake full movie .mpeg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish beastiality gay [bangbus] .mpg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\danish handjob blowjob sleeping (Karin).mpeg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\black cum bukkake public glans balls (Janette).mpg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\italian action fucking [free] hole castration .zip.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files\DVD Maker\Shared\indian cum blowjob [free] mistress .rar.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files (x86)\Google\Temp\xxx [milf] ìï .rar.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\bukkake public granny .mpeg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish cum trambling sleeping glans .mpeg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\tyrkish fetish hardcore hot (!) redhair .avi.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gay masturbation bedroom (Sandy,Curtney).avi.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe

Drops file in Windows directory 19 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian beastiality horse girls hole sm (Sylvia).mpg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\russian cum fucking [milf] .mpg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\blowjob full movie titts redhair .rar.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\tmp\black fetish gay hot (!) ejaculation .rar.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian licking Ôë .mpeg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\sperm hidden .mpeg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black gang bang sperm full movie high heels .mpeg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\Downloaded Program Files\tyrkish animal hardcore masturbation young .rar.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\indian horse fucking uncut (Janette).mpeg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\temp\swedish animal gay masturbation cock ash (Karin).zip.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian porn trambling uncut (Janette).mpg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\swedish fetish beast several models hole black hairunshaved (Jade).avi.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian horse fucking [bangbus] (Melissa).avi.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\lingerie big .mpeg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\tyrkish animal trambling public hole .mpg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\bukkake masturbation titts young (Jade).avi.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\lingerie hot (!) .mpeg.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\blowjob licking titts beautyfull .zip.exe	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2540	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2520	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1136	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2800	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2856	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2540	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2240	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2520	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1708	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1884	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1136	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
320	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1156	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2220	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2800	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
596	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2856	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2540	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2688	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2680	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2240	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2520	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1120	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1868	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1740	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
112	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1136	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1884	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1708	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1384	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2800	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2540	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2540	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2276	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2276	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2440	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2440	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2220	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2220	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1156	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1156	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
320	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
320	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2904	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2904	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2576	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2576	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2912	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2912	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2072	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
2072	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1360	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1360	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
1812	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2632	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	28
PID 1368 wrote to memory of 2632	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	28
PID 1368 wrote to memory of 2632	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	28
PID 1368 wrote to memory of 2632	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	28
PID 2632 wrote to memory of 2540	2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	29
PID 2632 wrote to memory of 2540	2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	29
PID 2632 wrote to memory of 2540	2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	29
PID 2632 wrote to memory of 2540	2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	29
PID 1368 wrote to memory of 2520	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	30
PID 1368 wrote to memory of 2520	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	30
PID 1368 wrote to memory of 2520	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	30
PID 1368 wrote to memory of 2520	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	30
PID 2632 wrote to memory of 1136	2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	31
PID 2632 wrote to memory of 1136	2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	31
PID 2632 wrote to memory of 1136	2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	31
PID 2632 wrote to memory of 1136	2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	31
PID 2540 wrote to memory of 2800	2540	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	32
PID 2540 wrote to memory of 2800	2540	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	32
PID 2540 wrote to memory of 2800	2540	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	32
PID 2540 wrote to memory of 2800	2540	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	32
PID 1368 wrote to memory of 2856	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	33
PID 1368 wrote to memory of 2856	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	33
PID 1368 wrote to memory of 2856	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	33
PID 1368 wrote to memory of 2856	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	33
PID 2520 wrote to memory of 2240	2520	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	34
PID 2520 wrote to memory of 2240	2520	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	34
PID 2520 wrote to memory of 2240	2520	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	34
PID 2520 wrote to memory of 2240	2520	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	34
PID 1136 wrote to memory of 1708	1136	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	35
PID 1136 wrote to memory of 1708	1136	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	35
PID 1136 wrote to memory of 1708	1136	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	35
PID 1136 wrote to memory of 1708	1136	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	35
PID 2632 wrote to memory of 1884	2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	36
PID 2632 wrote to memory of 1884	2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	36
PID 2632 wrote to memory of 1884	2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	36
PID 2632 wrote to memory of 1884	2632	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	36
PID 2856 wrote to memory of 320	2856	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	39
PID 2856 wrote to memory of 320	2856	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	39
PID 2856 wrote to memory of 320	2856	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	39
PID 2856 wrote to memory of 320	2856	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	39
PID 2800 wrote to memory of 2220	2800	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	38
PID 2800 wrote to memory of 2220	2800	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	38
PID 2800 wrote to memory of 2220	2800	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	38
PID 2800 wrote to memory of 2220	2800	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	38
PID 2540 wrote to memory of 1156	2540	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	37
PID 2540 wrote to memory of 1156	2540	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	37
PID 2540 wrote to memory of 1156	2540	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	37
PID 2540 wrote to memory of 1156	2540	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	37
PID 1368 wrote to memory of 596	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	40
PID 1368 wrote to memory of 596	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	40
PID 1368 wrote to memory of 596	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	40
PID 1368 wrote to memory of 596	1368	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	40
PID 2240 wrote to memory of 2688	2240	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	41
PID 2240 wrote to memory of 2688	2240	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	41
PID 2240 wrote to memory of 2688	2240	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	41
PID 2240 wrote to memory of 2688	2240	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	41
PID 2520 wrote to memory of 2680	2520	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	42
PID 2520 wrote to memory of 2680	2520	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	42
PID 2520 wrote to memory of 2680	2520	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	42
PID 2520 wrote to memory of 2680	2520	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	42
PID 1136 wrote to memory of 1120	1136	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	46
PID 1136 wrote to memory of 1120	1136	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	46
PID 1136 wrote to memory of 1120	1136	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	46
PID 1136 wrote to memory of 1120	1136	NEAS.aa3baca9ddee6896b69da435724e0cb0.exe	46

C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        9⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        9⤵
        
        PID:17712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        9⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        9⤵
        
        PID:17396
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17584
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:16528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:18004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12236
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:17460
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17420
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17988
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:12760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        9⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:17800
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:17404
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17616
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:17640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:17744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:11184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:13344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:17380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:10032
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:17656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:13004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:11428
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:13352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:12500
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:11904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:16904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:12736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:12440
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:17436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:17672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:12604
- C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:12588
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:12572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:18020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:11840
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:11880
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:16912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:11756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:11896
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:13128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:11864
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:11232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:17600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:11548
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:18012
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:14900
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:7992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:11436
- C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        8⤵
        
        PID:18028
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        7⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:17824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:13948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:14652
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:13592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:9236
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12548
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:11372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:17648
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:12284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:17144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:12012
- C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:596
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        6⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:13016
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:12276
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:11460
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:13284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:12988
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:17792
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:8416
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:12484
- C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:972
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:16928
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
        5⤵
        
        PID:17960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:12220
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:11248
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:9908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:11400
- C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
  2⤵
  PID:1676
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:17560
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:7380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
      4⤵
      PID:17776
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:11484
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:17760
- C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
  2⤵
  PID:4168
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:8248
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:12648
- C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
  2⤵
  PID:5976
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:8344
- C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
  2⤵
  PID:7800
- - C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
    3⤵
    PID:9904
- C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.aa3baca9ddee6896b69da435724e0cb0.exe"
  2⤵
  PID:13408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish beastiality gay [bangbus] .mpg.exe

Filesize
175KB

MD5
8838cabc89aa0a6a785deb93dd0c865d

SHA1
bd2777ec53b4f200b2b207128061a4afe56097e8

SHA256
425a1e1b43d9aaf5ddf381cc2b396bba942c8ae7e23b5a347dff3450edebb346

SHA512
0336cee923dfa23315d7e9490a03ff97be28b81ba0717967d54bfaee59af6756cfe26fa121a70bc8fb36380ade33af391ad2d7c8fdeee583d173c50940d2cdde

Download Submit
memory/112-111-0x0000000004900000-0x000000000491E000-memory.dmp

Filesize
120KB

Download
memory/320-76-0x0000000000790000-0x00000000007AE000-memory.dmp

Filesize
120KB

Download
memory/320-91-0x0000000000790000-0x00000000007AE000-memory.dmp

Filesize
120KB

Download
memory/1136-71-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/1136-68-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1136-64-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/1360-86-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1368-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1368-56-0x0000000004F90000-0x0000000004FAE000-memory.dmp

Filesize
120KB

Download
memory/1368-58-0x0000000004F90000-0x0000000004FAE000-memory.dmp

Filesize
120KB

Download
memory/1368-55-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1384-89-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1384-75-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1404-122-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1508-106-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1508-96-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1620-115-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1708-65-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1708-73-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1740-110-0x00000000047B0000-0x00000000047CE000-memory.dmp

Filesize
120KB

Download
memory/1740-101-0x00000000047B0000-0x00000000047CE000-memory.dmp

Filesize
120KB

Download
memory/1812-133-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/1868-108-0x0000000001F90000-0x0000000001FAE000-memory.dmp

Filesize
120KB

Download
memory/1884-102-0x0000000000730000-0x000000000074E000-memory.dmp

Filesize
120KB

Download
memory/1884-134-0x0000000004940000-0x000000000495E000-memory.dmp

Filesize
120KB

Download
memory/2016-140-0x0000000001F40000-0x0000000001F5E000-memory.dmp

Filesize
120KB

Download
memory/2192-103-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2220-92-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/2220-77-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/2240-87-0x0000000004910000-0x000000000492E000-memory.dmp

Filesize
120KB

Download
memory/2276-94-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2276-79-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2504-109-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2520-63-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2520-57-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2520-62-0x0000000000540000-0x000000000055E000-memory.dmp

Filesize
120KB

Download
memory/2540-70-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/2540-54-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2540-60-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/2576-95-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2576-80-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2620-105-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2620-114-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2632-67-0x0000000000700000-0x000000000071E000-memory.dmp

Filesize
120KB

Download
memory/2632-19-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2632-107-0x0000000004930000-0x000000000494E000-memory.dmp

Filesize
120KB

Download
memory/2632-53-0x00000000006F0000-0x000000000070E000-memory.dmp

Filesize
120KB

Download
memory/2632-66-0x0000000000700000-0x000000000071E000-memory.dmp

Filesize
120KB

Download
memory/2632-59-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2680-100-0x00000000045C0000-0x00000000045DE000-memory.dmp

Filesize
120KB

Download
memory/2700-119-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2800-74-0x0000000004910000-0x000000000492E000-memory.dmp

Filesize
120KB

Download
memory/2800-61-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2800-113-0x0000000004910000-0x000000000492E000-memory.dmp

Filesize
120KB

Download
memory/2800-88-0x0000000004910000-0x000000000492E000-memory.dmp

Filesize
120KB

Download
memory/2836-118-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2856-117-0x0000000004920000-0x000000000493E000-memory.dmp

Filesize
120KB

Download
memory/2856-69-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/2904-78-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2904-93-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2904-144-0x0000000004910000-0x000000000492E000-memory.dmp

Filesize
120KB

Download
memory/3084-138-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3844-146-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3944-145-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download