7e7cff1e88338f50add938bd685915ad3bde0cb2fc66b3addda589694d87db43

Analysis

max time kernel
57s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21/10/2023, 21:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.55dae9752180864325ac9da40c19fe00.exe
Size

708KB
MD5

55dae9752180864325ac9da40c19fe00
SHA1

f52b962cbcfbc263b85a6bb22954dc00a448e323
SHA256

7e7cff1e88338f50add938bd685915ad3bde0cb2fc66b3addda589694d87db43
SHA512

18bea15216d231a76969770ed1cc6974fd7bc73e3a55e4a392614a721bebb685e80c31e06de8a16480aefc7beac22e5865166835db68865e5a08423d4afc3ea5
SSDEEP

12288:A8EQoSM/6dRydjbHYaXFyhaDkdxQPrbeKWK54Hp03YYgWBgp4VwxSqf2bi:A8tdwp7oaMQjSdG3IUqfoi

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 31 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2368-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/files/0x00080000000139ff-5.dat	upx
behavioral1/memory/2540-64-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2368-65-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2616-66-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2596-68-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/652-71-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/284-72-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2540-73-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2032-74-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2892-77-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1704-78-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2040-80-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/652-83-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/284-85-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2368-86-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2032-87-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2892-90-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2040-91-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1948-92-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3008-93-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1264-94-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/292-95-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1984-99-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2172-100-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/268-101-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2276-102-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/752-114-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2844-115-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3008-116-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3068-117-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.55dae9752180864325ac9da40c19fe00.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\Q:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\T:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\U:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\A:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\K:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\N:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\O:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\Y:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\R:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\S:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\V:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\B:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\E:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\H:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\L:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\M:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\W:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\I:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\J:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\P:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\X:	NEAS.55dae9752180864325ac9da40c19fe00.exe
File opened (read-only)	\??\Z:	NEAS.55dae9752180864325ac9da40c19fe00.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\black gang bang hardcore licking balls (Sandy,Liz).avi.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\SysWOW64\IME\shared\danish nude xxx girls hole black hairunshaved .rar.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\hardcore big .rar.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\SysWOW64\config\systemprofile\russian horse blowjob [bangbus] feet leather (Jade).mpeg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian action blowjob uncut cock .zip.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\SysWOW64\IME\shared\sperm [free] lady .avi.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish cum xxx lesbian titts swallow (Jade).mpeg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\SysWOW64\FxsTmp\chinese xxx hot (!) .zip.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\bukkake lesbian girly .mpeg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian animal xxx uncut glans .rar.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\japanese kicking beast hidden hole ash .zip.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\trambling [free] glans bedroom .zip.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\sperm uncut glans bondage (Sylvia).mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\tyrkish fetish xxx girls hole pregnant .mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files\Common Files\Microsoft Shared\indian animal horse big ìï .mpeg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\lingerie [milf] .rar.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\russian action gay full movie titts circumcision .rar.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\fucking uncut .mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\horse hot (!) hotel .avi.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian kicking blowjob big shoes .mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files\DVD Maker\Shared\tyrkish gang bang fucking catfight cock bedroom (Tatjana).rar.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files (x86)\Google\Temp\american porn lingerie sleeping .mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese horse beast full movie (Sylvia).mpeg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files\Windows Journal\Templates\blowjob several models 50+ .zip.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\xxx [free] cock wifey .mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\bukkake hot (!) (Tatjana).mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm uncut hole .zip.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black nude sperm [bangbus] titts shoes .avi.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\italian nude xxx [free] .rar.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\american handjob trambling public (Sylvia).mpeg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\SoftwareDistribution\Download\american porn lesbian [bangbus] feet .avi.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\mssrv.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\horse uncut sm .rar.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\lingerie hidden feet beautyfull .zip.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\horse hidden .mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fucking big glans gorgeoushorny .rar.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\tmp\indian horse lesbian masturbation (Tatjana).avi.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\security\templates\lingerie masturbation titts ìï .mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish beastiality lingerie hot (!) mistress .mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\horse masturbation feet redhair .rar.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\temp\danish animal fucking hot (!) (Samantha).zip.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\tyrkish gang bang fucking hidden sweet .rar.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\PLA\Templates\danish handjob beast catfight .mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\swedish kicking beast [bangbus] (Tatjana).avi.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\black cum lingerie public hairy .mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese cumshot trambling [free] blondie .mpeg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\beast hot (!) feet black hairunshaved (Karin).mpeg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\sperm [bangbus] mistress .mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\danish animal lingerie sleeping cock castration .mpeg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\swedish beastiality blowjob voyeur glans .mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\fucking licking high heels .zip.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\Downloaded Program Files\russian kicking xxx [milf] .mpg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\brasilian kicking trambling voyeur gorgeoushorny .rar.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\danish porn horse [milf] titts granny .rar.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia lesbian sleeping .mpeg.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\indian nude fucking [bangbus] fishy .zip.exe	NEAS.55dae9752180864325ac9da40c19fe00.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2368	NEAS.55dae9752180864325ac9da40c19fe00.exe
2596	NEAS.55dae9752180864325ac9da40c19fe00.exe
2368	NEAS.55dae9752180864325ac9da40c19fe00.exe
2596	NEAS.55dae9752180864325ac9da40c19fe00.exe
2540	NEAS.55dae9752180864325ac9da40c19fe00.exe
2616	NEAS.55dae9752180864325ac9da40c19fe00.exe
2368	NEAS.55dae9752180864325ac9da40c19fe00.exe
2596	NEAS.55dae9752180864325ac9da40c19fe00.exe
1704	NEAS.55dae9752180864325ac9da40c19fe00.exe
284	NEAS.55dae9752180864325ac9da40c19fe00.exe
652	NEAS.55dae9752180864325ac9da40c19fe00.exe
2540	NEAS.55dae9752180864325ac9da40c19fe00.exe
2616	NEAS.55dae9752180864325ac9da40c19fe00.exe
2032	NEAS.55dae9752180864325ac9da40c19fe00.exe
2368	NEAS.55dae9752180864325ac9da40c19fe00.exe
2892	NEAS.55dae9752180864325ac9da40c19fe00.exe
2596	NEAS.55dae9752180864325ac9da40c19fe00.exe
2040	NEAS.55dae9752180864325ac9da40c19fe00.exe
1704	NEAS.55dae9752180864325ac9da40c19fe00.exe
1948	NEAS.55dae9752180864325ac9da40c19fe00.exe
1264	NEAS.55dae9752180864325ac9da40c19fe00.exe
2172	NEAS.55dae9752180864325ac9da40c19fe00.exe
268	NEAS.55dae9752180864325ac9da40c19fe00.exe
652	NEAS.55dae9752180864325ac9da40c19fe00.exe
752	NEAS.55dae9752180864325ac9da40c19fe00.exe
284	NEAS.55dae9752180864325ac9da40c19fe00.exe
2616	NEAS.55dae9752180864325ac9da40c19fe00.exe
2844	NEAS.55dae9752180864325ac9da40c19fe00.exe
2540	NEAS.55dae9752180864325ac9da40c19fe00.exe
2368	NEAS.55dae9752180864325ac9da40c19fe00.exe
2032	NEAS.55dae9752180864325ac9da40c19fe00.exe
3008	NEAS.55dae9752180864325ac9da40c19fe00.exe
292	NEAS.55dae9752180864325ac9da40c19fe00.exe
2596	NEAS.55dae9752180864325ac9da40c19fe00.exe
2892	NEAS.55dae9752180864325ac9da40c19fe00.exe
1984	NEAS.55dae9752180864325ac9da40c19fe00.exe
2276	NEAS.55dae9752180864325ac9da40c19fe00.exe
2040	NEAS.55dae9752180864325ac9da40c19fe00.exe
1704	NEAS.55dae9752180864325ac9da40c19fe00.exe
280	NEAS.55dae9752180864325ac9da40c19fe00.exe
3068	NEAS.55dae9752180864325ac9da40c19fe00.exe
1948	NEAS.55dae9752180864325ac9da40c19fe00.exe
1264	NEAS.55dae9752180864325ac9da40c19fe00.exe
1124	NEAS.55dae9752180864325ac9da40c19fe00.exe
268	NEAS.55dae9752180864325ac9da40c19fe00.exe
1972	NEAS.55dae9752180864325ac9da40c19fe00.exe
964	NEAS.55dae9752180864325ac9da40c19fe00.exe
2528	NEAS.55dae9752180864325ac9da40c19fe00.exe
2172	NEAS.55dae9752180864325ac9da40c19fe00.exe
652	NEAS.55dae9752180864325ac9da40c19fe00.exe
284	NEAS.55dae9752180864325ac9da40c19fe00.exe
2616	NEAS.55dae9752180864325ac9da40c19fe00.exe
2988	NEAS.55dae9752180864325ac9da40c19fe00.exe
2012	NEAS.55dae9752180864325ac9da40c19fe00.exe
752	NEAS.55dae9752180864325ac9da40c19fe00.exe
884	NEAS.55dae9752180864325ac9da40c19fe00.exe
736	NEAS.55dae9752180864325ac9da40c19fe00.exe
624	NEAS.55dae9752180864325ac9da40c19fe00.exe
2540	NEAS.55dae9752180864325ac9da40c19fe00.exe
2368	NEAS.55dae9752180864325ac9da40c19fe00.exe
2032	NEAS.55dae9752180864325ac9da40c19fe00.exe
2392	NEAS.55dae9752180864325ac9da40c19fe00.exe
2168	NEAS.55dae9752180864325ac9da40c19fe00.exe
2168	NEAS.55dae9752180864325ac9da40c19fe00.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2596	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	27
PID 2368 wrote to memory of 2596	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	27
PID 2368 wrote to memory of 2596	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	27
PID 2368 wrote to memory of 2596	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	27
PID 2596 wrote to memory of 2540	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	28
PID 2596 wrote to memory of 2540	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	28
PID 2596 wrote to memory of 2540	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	28
PID 2596 wrote to memory of 2540	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	28
PID 2368 wrote to memory of 2616	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	29
PID 2368 wrote to memory of 2616	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	29
PID 2368 wrote to memory of 2616	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	29
PID 2368 wrote to memory of 2616	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	29
PID 2596 wrote to memory of 1704	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	30
PID 2596 wrote to memory of 1704	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	30
PID 2596 wrote to memory of 1704	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	30
PID 2596 wrote to memory of 1704	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	30
PID 2540 wrote to memory of 284	2540	NEAS.55dae9752180864325ac9da40c19fe00.exe	33
PID 2540 wrote to memory of 284	2540	NEAS.55dae9752180864325ac9da40c19fe00.exe	33
PID 2540 wrote to memory of 284	2540	NEAS.55dae9752180864325ac9da40c19fe00.exe	33
PID 2540 wrote to memory of 284	2540	NEAS.55dae9752180864325ac9da40c19fe00.exe	33
PID 2616 wrote to memory of 652	2616	NEAS.55dae9752180864325ac9da40c19fe00.exe	31
PID 2616 wrote to memory of 652	2616	NEAS.55dae9752180864325ac9da40c19fe00.exe	31
PID 2616 wrote to memory of 652	2616	NEAS.55dae9752180864325ac9da40c19fe00.exe	31
PID 2616 wrote to memory of 652	2616	NEAS.55dae9752180864325ac9da40c19fe00.exe	31
PID 2368 wrote to memory of 2032	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	32
PID 2368 wrote to memory of 2032	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	32
PID 2368 wrote to memory of 2032	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	32
PID 2368 wrote to memory of 2032	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	32
PID 2596 wrote to memory of 2892	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	34
PID 2596 wrote to memory of 2892	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	34
PID 2596 wrote to memory of 2892	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	34
PID 2596 wrote to memory of 2892	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	34
PID 1704 wrote to memory of 2040	1704	NEAS.55dae9752180864325ac9da40c19fe00.exe	35
PID 1704 wrote to memory of 2040	1704	NEAS.55dae9752180864325ac9da40c19fe00.exe	35
PID 1704 wrote to memory of 2040	1704	NEAS.55dae9752180864325ac9da40c19fe00.exe	35
PID 1704 wrote to memory of 2040	1704	NEAS.55dae9752180864325ac9da40c19fe00.exe	35
PID 284 wrote to memory of 1948	284	NEAS.55dae9752180864325ac9da40c19fe00.exe	36
PID 284 wrote to memory of 1948	284	NEAS.55dae9752180864325ac9da40c19fe00.exe	36
PID 284 wrote to memory of 1948	284	NEAS.55dae9752180864325ac9da40c19fe00.exe	36
PID 284 wrote to memory of 1948	284	NEAS.55dae9752180864325ac9da40c19fe00.exe	36
PID 652 wrote to memory of 1264	652	NEAS.55dae9752180864325ac9da40c19fe00.exe	37
PID 652 wrote to memory of 1264	652	NEAS.55dae9752180864325ac9da40c19fe00.exe	37
PID 652 wrote to memory of 1264	652	NEAS.55dae9752180864325ac9da40c19fe00.exe	37
PID 652 wrote to memory of 1264	652	NEAS.55dae9752180864325ac9da40c19fe00.exe	37
PID 2616 wrote to memory of 2172	2616	NEAS.55dae9752180864325ac9da40c19fe00.exe	38
PID 2616 wrote to memory of 2172	2616	NEAS.55dae9752180864325ac9da40c19fe00.exe	38
PID 2616 wrote to memory of 2172	2616	NEAS.55dae9752180864325ac9da40c19fe00.exe	38
PID 2616 wrote to memory of 2172	2616	NEAS.55dae9752180864325ac9da40c19fe00.exe	38
PID 2540 wrote to memory of 268	2540	NEAS.55dae9752180864325ac9da40c19fe00.exe	39
PID 2540 wrote to memory of 268	2540	NEAS.55dae9752180864325ac9da40c19fe00.exe	39
PID 2540 wrote to memory of 268	2540	NEAS.55dae9752180864325ac9da40c19fe00.exe	39
PID 2540 wrote to memory of 268	2540	NEAS.55dae9752180864325ac9da40c19fe00.exe	39
PID 2368 wrote to memory of 752	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	40
PID 2368 wrote to memory of 752	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	40
PID 2368 wrote to memory of 752	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	40
PID 2368 wrote to memory of 752	2368	NEAS.55dae9752180864325ac9da40c19fe00.exe	40
PID 2032 wrote to memory of 2844	2032	NEAS.55dae9752180864325ac9da40c19fe00.exe	41
PID 2032 wrote to memory of 2844	2032	NEAS.55dae9752180864325ac9da40c19fe00.exe	41
PID 2032 wrote to memory of 2844	2032	NEAS.55dae9752180864325ac9da40c19fe00.exe	41
PID 2032 wrote to memory of 2844	2032	NEAS.55dae9752180864325ac9da40c19fe00.exe	41
PID 2596 wrote to memory of 3008	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	42
PID 2596 wrote to memory of 3008	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	42
PID 2596 wrote to memory of 3008	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	42
PID 2596 wrote to memory of 3008	2596	NEAS.55dae9752180864325ac9da40c19fe00.exe	42

C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        9⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        8⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        9⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        8⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        9⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        8⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        8⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        8⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        8⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:11676
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        8⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:10804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:11260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:10988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:3004
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:10948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:11100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6268
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:10980
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:10852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:7180
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:11212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:11092
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:11132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:3656
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:548
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:8356
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:10900
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:11376
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:10868
- C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:10972
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:4984
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        8⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:10836
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        7⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:9052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:1956
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:11492
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:11244
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:10820
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:5604
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:7824
- C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2032
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:10892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:10788
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:10844
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:10860
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:7972
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:11236
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:4436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:10924
- C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        6⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:10908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:11124
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:10932
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:10740
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:6588
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:3844
- C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
        5⤵
        
        PID:11196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:7620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:11204
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:11164
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:6388
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:10692
- C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
  2⤵
  PID:3000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
      4⤵
      PID:11188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:9072
- C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
  2⤵
  PID:3816
- - C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
    3⤵
    PID:6248
- C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
  2⤵
  PID:6304
- C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.55dae9752180864325ac9da40c19fe00.exe"
  2⤵
  PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\trambling [free] glans bedroom .zip.exe

Filesize
1.7MB

MD5
808a7672d6da079b7af5a54de73e5d21

SHA1
5690d4a329688f427b805223b9b85a5abcbd2dca

SHA256
131ab2802179d93ff6adbb0bdb977116efe16b9ec5692019962c2dc9bf851dbb

SHA512
ebeef1e7d2db4136a4504a0cd8353f53c4a431556b5bcfd6ed7f7bd246940874e389a7be5561208a4bbaa2426c4cf4649b28fc6ad8c4bf8826f1d5b7b53fa780

Download Submit
memory/268-101-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/284-85-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/284-72-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/292-95-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/652-83-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/652-71-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/652-84-0x0000000004680000-0x000000000469C000-memory.dmp

Filesize
112KB

Download
memory/752-114-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1264-94-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1704-78-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1704-79-0x0000000004900000-0x000000000491C000-memory.dmp

Filesize
112KB

Download
memory/1948-92-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1984-99-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2032-74-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2032-87-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2040-91-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2040-80-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2172-100-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2276-102-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2368-65-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2368-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2368-75-0x00000000059C0000-0x00000000059DC000-memory.dmp

Filesize
112KB

Download
memory/2368-86-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2540-73-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2540-88-0x0000000004910000-0x000000000492C000-memory.dmp

Filesize
112KB

Download
memory/2540-98-0x0000000004910000-0x000000000492C000-memory.dmp

Filesize
112KB

Download
memory/2540-69-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/2540-81-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/2540-64-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2596-67-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/2596-89-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/2596-68-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2596-76-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/2616-70-0x00000000047D0000-0x00000000047EC000-memory.dmp

Filesize
112KB

Download
memory/2616-82-0x00000000047D0000-0x00000000047EC000-memory.dmp

Filesize
112KB

Download
memory/2616-66-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2844-115-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2892-90-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2892-77-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3008-93-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3008-116-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3068-117-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download