5912b08ffe9de649d005af08c3c8580c9d16ecba2c0c537713dd4f74e773580c

Analysis

max time kernel
12s
max time network
142s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
11/11/2023, 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.9675a2c72edf887e6cc741ea36d99370.exe
Size

202KB
MD5

9675a2c72edf887e6cc741ea36d99370
SHA1

2f4d876d8a60a510f3db248a7297c379ac3abe4c
SHA256

5912b08ffe9de649d005af08c3c8580c9d16ecba2c0c537713dd4f74e773580c
SHA512

7833d5ea8b70c618be9be79fc32b317b5084d0550c2939246216f08fd6fa877557697ac09744abc81046f60a6f61609b965f8baaf77cebd8f10af0a04eb75c97
SSDEEP

6144:A//ICMmDRxs3NBR4SiYC5bc+Ys9s06r6hskHx9:A//vi9BWlYCbHLse7

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.9675a2c72edf887e6cc741ea36d99370.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\K:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\T:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\V:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\Y:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\B:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\E:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\L:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\O:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\R:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\X:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\A:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\M:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\H:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\J:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\N:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\P:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\Q:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\S:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\U:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\W:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\G:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\Z:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob uncut cock mistress .avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian handjob gay full movie .mpeg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\american horse hardcore lesbian hole boots .mpeg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lesbian uncut sweet .zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files\DVD Maker\Shared\gay full movie feet latex .rar.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\italian gang bang bukkake voyeur (Jade).mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\horse hot (!) hole (Anniston,Karin).zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\italian action xxx hidden shower .rar.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake voyeur circumcision (Kathrin,Melissa).mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Google\Temp\horse [free] femdom .avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\italian fetish hardcore catfight hole (Sandy,Jade).avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\tyrkish porn bukkake catfight black hairunshaved .avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\american porn sperm [free] glans mistress (Janette).mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files\Common Files\Microsoft Shared\gay public (Sarah).mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files\Windows Journal\Templates\danish kicking hardcore public (Melissa).mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian nude hardcore big granny .mpeg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\fucking lesbian titts .mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\gay [free] titts traffic .mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\japanese animal hardcore catfight titts femdom .rar.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\black gang bang trambling [free] feet YEâPSè& .avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\tmp\italian handjob horse licking femdom .avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\trambling voyeur titts traffic (Curtney).zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\bukkake [bangbus] (Sarah).mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish fetish gay hot (!) .mpeg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\lesbian girls (Samantha).mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\temp\hardcore girls hotel (Britney,Liz).avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian action beast [bangbus] titts 40+ (Janette).mpeg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian handjob sperm hidden pregnant .mpeg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\swedish porn hardcore licking (Sylvia).avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish gang bang beast girls .avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese kicking fucking lesbian glans (Sonja,Samantha).avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black gang bang hardcore big castration .mpeg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\tyrkish nude xxx lesbian (Liz).avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\african hardcore hidden femdom .zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\lesbian full movie gorgeoushorny .mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\danish fetish bukkake uncut upskirt .zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\PLA\Templates\swedish action fucking several models hole (Britney,Jade).avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\security\templates\xxx catfight feet beautyfull .rar.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie full movie .zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\mssrv.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\lesbian [bangbus] hole latex .zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\horse public (Tatjana).mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian beastiality beast [bangbus] hole hotel (Karin).mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\Downloaded Program Files\beast [bangbus] stockings .zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\swedish handjob bukkake [free] hole black hairunshaved .mpeg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\american gang bang lingerie full movie feet gorgeoushorny .zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish cum fucking licking feet traffic .rar.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Windows\SoftwareDistribution\Download\horse full movie wifey .mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2272	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2464	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2860	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2488	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2936	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2556	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2272	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2464	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2880	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
268	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2896	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2388	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2464	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2488	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2860	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2936	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2272	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2556	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2412	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2340	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
1744	NEAS.9675a2c72edf887e6cc741ea36d99370.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2756	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	28
PID 2952 wrote to memory of 2756	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	28
PID 2952 wrote to memory of 2756	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	28
PID 2952 wrote to memory of 2756	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	28
PID 2952 wrote to memory of 2464	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	30
PID 2756 wrote to memory of 2272	2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	29
PID 2952 wrote to memory of 2464	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	30
PID 2756 wrote to memory of 2272	2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	29
PID 2756 wrote to memory of 2272	2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	29
PID 2952 wrote to memory of 2464	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	30
PID 2756 wrote to memory of 2272	2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	29
PID 2952 wrote to memory of 2464	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	30
PID 2952 wrote to memory of 2860	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	34
PID 2952 wrote to memory of 2860	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	34
PID 2952 wrote to memory of 2860	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	34
PID 2952 wrote to memory of 2860	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	34
PID 2756 wrote to memory of 2936	2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	31
PID 2756 wrote to memory of 2936	2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	31
PID 2756 wrote to memory of 2936	2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	31
PID 2756 wrote to memory of 2936	2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	31
PID 2272 wrote to memory of 2556	2272	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	33
PID 2272 wrote to memory of 2556	2272	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	33
PID 2272 wrote to memory of 2556	2272	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	33
PID 2272 wrote to memory of 2556	2272	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	33
PID 2464 wrote to memory of 2488	2464	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	32
PID 2464 wrote to memory of 2488	2464	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	32
PID 2464 wrote to memory of 2488	2464	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	32
PID 2464 wrote to memory of 2488	2464	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	32
PID 2952 wrote to memory of 2880	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	42
PID 2952 wrote to memory of 2880	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	42
PID 2952 wrote to memory of 2880	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	42
PID 2952 wrote to memory of 2880	2952	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	42
PID 2756 wrote to memory of 2896	2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	36
PID 2756 wrote to memory of 2896	2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	36
PID 2756 wrote to memory of 2896	2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	36
PID 2756 wrote to memory of 2896	2756	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	36
PID 2464 wrote to memory of 268	2464	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	35
PID 2464 wrote to memory of 268	2464	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	35
PID 2464 wrote to memory of 268	2464	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	35
PID 2464 wrote to memory of 268	2464	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	35
PID 2936 wrote to memory of 952	2936	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	40
PID 2936 wrote to memory of 952	2936	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	40
PID 2936 wrote to memory of 952	2936	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	40
PID 2936 wrote to memory of 952	2936	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	40
PID 2272 wrote to memory of 2388	2272	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	41
PID 2272 wrote to memory of 2388	2272	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	41
PID 2272 wrote to memory of 2388	2272	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	41
PID 2272 wrote to memory of 2388	2272	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	41
PID 2488 wrote to memory of 2340	2488	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	38
PID 2488 wrote to memory of 2340	2488	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	38
PID 2488 wrote to memory of 2340	2488	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	38
PID 2488 wrote to memory of 2340	2488	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	38
PID 2860 wrote to memory of 1744	2860	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	39
PID 2860 wrote to memory of 1744	2860	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	39
PID 2860 wrote to memory of 1744	2860	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	39
PID 2860 wrote to memory of 1744	2860	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	39
PID 2556 wrote to memory of 2412	2556	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	37
PID 2556 wrote to memory of 2412	2556	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	37
PID 2556 wrote to memory of 2412	2556	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	37
PID 2556 wrote to memory of 2412	2556	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	37
PID 2880 wrote to memory of 2640	2880	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	43
PID 2880 wrote to memory of 2640	2880	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	43
PID 2880 wrote to memory of 2640	2880	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	43
PID 2880 wrote to memory of 2640	2880	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	43

C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        8⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:11060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:9180
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:11084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:10892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:10732
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11556
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:972
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:13304
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:11120
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:5512
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:11984
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:3704
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:12100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:11604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:9532
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11916
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6572
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:12016
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:7036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:10788
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:3792
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:5916
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:7576
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:11484
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:11772
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:9164
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:11112
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:10876
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:5924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:7552
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:11540
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:11752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:276
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:13124
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:10608
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:12068
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:6760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:12108
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:12148
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:3828
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:5480
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:12052
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:11000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:5376
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:13224
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  PID:3120
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:5300
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:10408
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  PID:4356
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  PID:7044
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  PID:13216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake voyeur circumcision (Kathrin,Melissa).mpg.exe

Filesize
103KB

MD5
86675a07d096a711b39e64e45f030ce5

SHA1
eb69c7791fed4cbeab1ea359ec88d65f46a855b9

SHA256
e747c585fd53425484dfc7960440c83325c43e9c1175a6a96d947f1fa237a96c

SHA512
fce025520c0e9fe525ff5ba6d919b8f4e19834761525c9cd1579e818188588087602e87e77538f7ff633ae46584332a3875e208c3635e6bc1c6f0cd95612f01f

Download Submit
C:\debug.txt

Filesize
183B

MD5
6b380901bf1ab6f0792b270706cc0a11

SHA1
577afba85c379f5d023ef07160608dc7452648e3

SHA256
79c6d6635e460bde3ccd35173b290ec385ab2d18e10a83a10e9fc5f62c260a1e

SHA512
2efb486fc17bc2e415999c76704fb7ed574062da7d853a2a6a43c1fc619123a63d3f6aaffb13c27104b034c80b236a9617dcc5460d29beb9ee8aaa18896f83ef

Download Submit