7f81abadbd7359d25452fb928b50ba9b27446450b2dd1764b51c528aead65577

Analysis

max time kernel
31s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
Size

551KB
MD5

f11ed0613aba4be0b7e9ae4d66818020
SHA1

37efef5c75422b8abd452bed18108173f3da7715
SHA256

7f81abadbd7359d25452fb928b50ba9b27446450b2dd1764b51c528aead65577
SHA512

6d02462d242211b753733aa061867f43e7928a5d7fec7a65cd1bf5d4583c75ff2e222cc5683da232a4cc84b1d24932f2fbaccb56c28fd0b4c360caac9117c2e1
SSDEEP

12288:sPKLXqQ9mUoPTU7pUDOH+38ogUmsugZmJeoupQ4z6pfb:sSL5MUoWUSqmsug0J5F4Wpfb

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 34 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2044-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2044-4-0x0000000004AC0000-0x0000000004ADC000-memory.dmp	upx
behavioral1/memory/836-5-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/files/0x0008000000015dc0-7.dat	upx
behavioral1/memory/2248-44-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2500-47-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2044-48-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/524-69-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2044-68-0x0000000004AC0000-0x0000000004ADC000-memory.dmp	upx
behavioral1/memory/836-71-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/268-85-0x0000000004910000-0x000000000492C000-memory.dmp	upx
behavioral1/memory/2548-87-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1816-86-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/524-90-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/524-95-0x0000000004920000-0x000000000493C000-memory.dmp	upx
behavioral1/memory/1720-98-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1968-99-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1816-101-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2548-105-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2148-106-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1964-107-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2860-108-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1860-112-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1780-113-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1504-114-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/876-115-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1776-116-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1860-118-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1780-119-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2008-122-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1776-123-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/888-125-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/888-132-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2764-137-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\I:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\T:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\V:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\J:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\M:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\Q:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\R:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\W:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\X:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\Y:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\B:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\E:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\N:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\O:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\P:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\A:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\G:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\K:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\L:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\S:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\U:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File opened (read-only)	\??\Z:	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\indian gang bang horse masturbation feet girly .zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse full movie (Janette).rar.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian porn beast full movie sweet .zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\System32\DriverStore\Temp\american fetish bukkake full movie 50+ .zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\SysWOW64\FxsTmp\american action lesbian uncut hole balls (Sylvia).mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\SysWOW64\IME\shared\black fetish horse public (Jade).mpg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\bukkake hidden cock circumcision .rar.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian kicking horse [bangbus] high heels .avi.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\SysWOW64\FxsTmp\danish beastiality lesbian uncut hole bondage .avi.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\SysWOW64\IME\shared\horse lesbian .mpg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish nude fucking hot (!) .zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files (x86)\Google\Temp\japanese gang bang trambling voyeur penetration .zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files (x86)\Google\Update\Download\blowjob voyeur titts (Britney,Karin).avi.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\russian cum sperm public latex .avi.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\italian beastiality horse several models castration (Jenna,Liz).mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files\Windows Journal\Templates\black nude hardcore big hole granny .zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\russian horse lingerie licking feet gorgeoushorny .avi.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\bukkake public 40+ .mpg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lingerie masturbation penetration .zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\beast licking cock pregnant .rar.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\hardcore uncut glans castration .mpg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\tyrkish cum blowjob [free] .mpg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\brasilian nude trambling [free] 40+ .rar.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian gang bang sperm sleeping bedroom .mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Program Files\DVD Maker\Shared\gay big .zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\fucking girls cock .mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\gay several models glans leather .zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\black nude hardcore licking hole ash (Samantha).zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american fetish bukkake [milf] sm (Sonja,Jade).mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\brasilian action trambling uncut YEâPSè& .rar.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\temp\sperm hidden .mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\swedish cumshot xxx girls 50+ .mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian public (Curtney).mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\hardcore [milf] hole femdom .mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\american animal trambling [milf] mistress .avi.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\SoftwareDistribution\Download\brasilian beastiality lesbian [bangbus] hole lady .rar.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\tmp\american porn gay [bangbus] castration .mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\Downloaded Program Files\sperm [bangbus] circumcision .zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\PLA\Templates\italian cumshot lingerie [milf] .mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie hot (!) upskirt .mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\mssrv.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\gay girls high heels .zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\xxx hidden swallow .mpg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\xxx voyeur balls .mpg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\italian fetish lesbian full movie circumcision .rar.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\swedish beastiality xxx big redhair .mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\xxx several models feet .mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast full movie .avi.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian action gay lesbian (Samantha).mpg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\american gang bang horse catfight .mpg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\xxx big shoes .avi.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\security\templates\lingerie full movie glans .mpeg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese gang bang beast catfight .mpg.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\trambling several models 50+ (Ashley,Sylvia).rar.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\japanese beastiality bukkake several models cock balls .zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\japanese action blowjob sleeping .zip.exe	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2248	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2500	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
268	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
524	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2248	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2756	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2872	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2500	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1816	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1820	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
524	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
268	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2548	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2148	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2248	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2500	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2756	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1684	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
564	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
568	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2872	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2860	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1504	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1720	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1816	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
268	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
524	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1820	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1968	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2088	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2304	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1964	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1860	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1780	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1780	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2324	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2324	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
876	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
876	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2756	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2756	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2500	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2500	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2248	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2248	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2872	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
2872	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1776	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
1776	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
920	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
920	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 836	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	28
PID 2044 wrote to memory of 836	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	28
PID 2044 wrote to memory of 836	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	28
PID 2044 wrote to memory of 836	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	28
PID 836 wrote to memory of 2248	836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	29
PID 836 wrote to memory of 2248	836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	29
PID 836 wrote to memory of 2248	836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	29
PID 836 wrote to memory of 2248	836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	29
PID 2044 wrote to memory of 2500	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	30
PID 2044 wrote to memory of 2500	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	30
PID 2044 wrote to memory of 2500	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	30
PID 2044 wrote to memory of 2500	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	30
PID 2248 wrote to memory of 524	2248	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	31
PID 2248 wrote to memory of 524	2248	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	31
PID 2248 wrote to memory of 524	2248	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	31
PID 2248 wrote to memory of 524	2248	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	31
PID 836 wrote to memory of 268	836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	32
PID 836 wrote to memory of 268	836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	32
PID 836 wrote to memory of 268	836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	32
PID 836 wrote to memory of 268	836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	32
PID 2044 wrote to memory of 2872	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	33
PID 2044 wrote to memory of 2872	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	33
PID 2044 wrote to memory of 2872	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	33
PID 2044 wrote to memory of 2872	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	33
PID 2500 wrote to memory of 2756	2500	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	34
PID 2500 wrote to memory of 2756	2500	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	34
PID 2500 wrote to memory of 2756	2500	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	34
PID 2500 wrote to memory of 2756	2500	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	34
PID 524 wrote to memory of 1820	524	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	35
PID 524 wrote to memory of 1820	524	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	35
PID 524 wrote to memory of 1820	524	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	35
PID 524 wrote to memory of 1820	524	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	35
PID 268 wrote to memory of 1816	268	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	36
PID 268 wrote to memory of 1816	268	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	36
PID 268 wrote to memory of 1816	268	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	36
PID 268 wrote to memory of 1816	268	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	36
PID 2248 wrote to memory of 2548	2248	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	37
PID 2248 wrote to memory of 2548	2248	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	37
PID 2248 wrote to memory of 2548	2248	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	37
PID 2248 wrote to memory of 2548	2248	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	37
PID 836 wrote to memory of 2148	836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	38
PID 836 wrote to memory of 2148	836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	38
PID 836 wrote to memory of 2148	836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	38
PID 836 wrote to memory of 2148	836	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	38
PID 2044 wrote to memory of 564	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	42
PID 2044 wrote to memory of 564	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	42
PID 2044 wrote to memory of 564	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	42
PID 2044 wrote to memory of 564	2044	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	42
PID 2756 wrote to memory of 1684	2756	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	40
PID 2756 wrote to memory of 1684	2756	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	40
PID 2756 wrote to memory of 1684	2756	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	40
PID 2756 wrote to memory of 1684	2756	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	40
PID 2500 wrote to memory of 568	2500	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	39
PID 2500 wrote to memory of 568	2500	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	39
PID 2500 wrote to memory of 568	2500	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	39
PID 2500 wrote to memory of 568	2500	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	39
PID 2872 wrote to memory of 2860	2872	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	41
PID 2872 wrote to memory of 2860	2872	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	41
PID 2872 wrote to memory of 2860	2872	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	41
PID 2872 wrote to memory of 2860	2872	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	41
PID 524 wrote to memory of 1504	524	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	46
PID 524 wrote to memory of 1504	524	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	46
PID 524 wrote to memory of 1504	524	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	46
PID 524 wrote to memory of 1504	524	NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe	46

C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:836
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        9⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        9⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        9⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:9300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:7724
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:12336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        8⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:7692
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:7636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:7700
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8700
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8644
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8280
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:7988
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8860
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:8240
- C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:12320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8576
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:568
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:7620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8600
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:7908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8804
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:7588
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8016
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:7932
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:9164
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:8692
- C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        7⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:12152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:7644
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:9248
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8108
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:9412
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:8544
- C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:564
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        6⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:9404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8512
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:9480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8328
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:9288
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:8488
- C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
        5⤵
        
        PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8748
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8148
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:9120
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:8496
- C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
  2⤵
  PID:1116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
      4⤵
      PID:8036
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:7708
- C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
  2⤵
  PID:3680
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:6592
- - C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
    3⤵
    PID:12352
- C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.f11ed0613aba4be0b7e9ae4d66818020.exe"
  2⤵
  PID:7596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\danish nude fucking hot (!) .zip.exe

Filesize
1.6MB

MD5
7dcb8593b98729420daeb483186cd9a3

SHA1
cdd9077150deada84fe8d5d00133f4111dbcc3c7

SHA256
5113c80d4751cf6ede30eb5989f22d479aa3cfbe8ff01384f5f674575c5b04c2

SHA512
c54cb1f8bb4da7ca8a48ebc31b0632d90e43d7aa9f7e540d54faabdaedd7ab1707f71a46ea768889e4d178b6d7698857cf3e8d651d8c31057beff02c28aa7d23

Download Submit
memory/268-111-0x0000000004910000-0x000000000492C000-memory.dmp

Filesize
112KB

Download
memory/268-100-0x0000000004910000-0x000000000492C000-memory.dmp

Filesize
112KB

Download
memory/268-85-0x0000000004910000-0x000000000492C000-memory.dmp

Filesize
112KB

Download
memory/524-69-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/524-102-0x0000000002000000-0x000000000201C000-memory.dmp

Filesize
112KB

Download
memory/524-95-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/524-90-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/568-120-0x00000000047C0000-0x00000000047DC000-memory.dmp

Filesize
112KB

Download
memory/836-71-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/836-73-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/836-5-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/836-43-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/836-70-0x0000000004A50000-0x0000000004A6C000-memory.dmp

Filesize
112KB

Download
memory/876-115-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/888-132-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/888-125-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1504-114-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1720-98-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1776-116-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1776-123-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1780-113-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1780-119-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1816-109-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/1816-96-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/1816-86-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1816-101-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1820-97-0x0000000001FA0000-0x0000000001FBC000-memory.dmp

Filesize
112KB

Download
memory/1820-110-0x0000000001FA0000-0x0000000001FBC000-memory.dmp

Filesize
112KB

Download
memory/1860-118-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1860-112-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1964-107-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1964-136-0x00000000044C0000-0x00000000044DC000-memory.dmp

Filesize
112KB

Download
memory/1968-99-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2008-122-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2044-88-0x0000000004E20000-0x0000000004E3C000-memory.dmp

Filesize
112KB

Download
memory/2044-68-0x0000000004AC0000-0x0000000004ADC000-memory.dmp

Filesize
112KB

Download
memory/2044-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2044-48-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2044-46-0x0000000004E20000-0x0000000004E3C000-memory.dmp

Filesize
112KB

Download
memory/2044-4-0x0000000004AC0000-0x0000000004ADC000-memory.dmp

Filesize
112KB

Download
memory/2148-106-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2248-44-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2248-89-0x00000000047B0000-0x00000000047CC000-memory.dmp

Filesize
112KB

Download
memory/2248-103-0x0000000004900000-0x000000000491C000-memory.dmp

Filesize
112KB

Download
memory/2248-104-0x0000000004900000-0x000000000491C000-memory.dmp

Filesize
112KB

Download
memory/2304-138-0x00000000045C0000-0x00000000045DC000-memory.dmp

Filesize
112KB

Download
memory/2500-47-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2548-117-0x00000000045C0000-0x00000000045DC000-memory.dmp

Filesize
112KB

Download
memory/2548-87-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2548-105-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2548-124-0x00000000045C0000-0x00000000045DC000-memory.dmp

Filesize
112KB

Download
memory/2764-137-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2860-108-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2872-121-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download