412ec0b7a59b1c328928fa7b07653eec3fee907a7104763900153054300f69f6

Analysis

max time kernel
19s
max time network
127s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
15-11-2023 08:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
Size

1.8MB
MD5

0188c5d7b0cf80183cf816bae2aad1f0
SHA1

d4c85feae0197c4e4a43710eaa69a88ae6d95621
SHA256

412ec0b7a59b1c328928fa7b07653eec3fee907a7104763900153054300f69f6
SHA512

d9aa701fe140df35b914775f257a62d94818cb84b2edf82f799ab04bd469ef2d533b33a04bdbdbe53931fafd7bb02ded26f831a90855c56241213fcbf1041e54
SSDEEP

49152:fWWJMoQISwniQsttX1FOc/WXr3/CRjxhpO/:fK8wljWX7/GjxhpO/

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 54 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2040-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/files/0x00070000000153bf-5.dat	upx
behavioral1/memory/3000-25-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2600-64-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2508-65-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2904-68-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2908-69-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2252-71-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2040-70-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2644-94-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2028-95-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1080-96-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2012-97-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2220-98-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1924-99-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1112-100-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2600-102-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2040-101-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/936-103-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2508-104-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2560-105-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2904-106-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1492-109-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/604-110-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2512-112-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2908-113-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1068-114-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2308-115-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1108-116-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2148-118-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1672-119-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1544-120-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1800-121-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2232-122-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1928-123-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2644-124-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/908-126-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1388-127-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2120-130-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1924-129-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2012-128-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2956-131-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/860-132-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2116-136-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2860-137-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/896-139-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2084-142-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2116-144-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1420-145-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1172-147-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2376-148-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2748-149-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2828-151-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2040-185-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\K:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\W:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\Z:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\A:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\B:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\I:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\O:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\P:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\Q:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\T:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\U:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\G:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\J:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\L:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\M:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\V:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\X:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\H:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\N:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\R:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\S:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File opened (read-only)	\??\Y:	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx gay [free] .zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia nude nude voyeur hole traffic .zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\SysWOW64\IME\shared\gay uncut glans .zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\SysWOW64\IME\shared\italian porn bukkake masturbation hairy .mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish gang bang public latex .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian fetish public (Christine).zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\SysWOW64\FxsTmp\american trambling masturbation sm (Anniston).rar.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse full movie .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beast lingerie [free] vagina 40+ .zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcore fetish lesbian (Sonja).mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\french beastiality public .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\blowjob [milf] nipples ash .rar.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\lesbian sleeping (Melissa).mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files (x86)\Google\Temp\lesbian voyeur swallow .mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\russian bukkake [milf] feet .avi.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\beast bukkake sleeping girly .mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\hardcore uncut nipples (Kathrin,Britney).zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files\Windows Journal\Templates\japanese cumshot hidden .mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\norwegian lingerie lingerie licking .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\indian gang bang fetish [free] circumcision (Janette,Curtney).mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore [bangbus] .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files\DVD Maker\Shared\african bukkake horse hot (!) titts .avi.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files (x86)\Google\Update\Download\swedish gang bang porn licking gorgeoushorny .zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\trambling fucking lesbian girly .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\american horse full movie vagina penetration .zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe

Drops file in Windows directory 44 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian fucking beast masturbation .zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese porn [bangbus] shower .zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\german action sperm [milf] bondage .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american bukkake cumshot girls hole .mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\SoftwareDistribution\Download\handjob hot (!) leather (Gina,Sonja).rar.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\french lingerie full movie (Sandy).rar.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\tmp\german fucking porn several models legs girly (Jade,Sylvia).avi.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\russian action trambling uncut black hairunshaved .avi.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\indian hardcore hot (!) femdom .rar.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\malaysia gang bang beast full movie 50+ .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\canadian sperm hidden .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\black bukkake beast big ash shoes .zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\mssrv.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\indian gang bang fucking big bondage .avi.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\italian bukkake kicking public nipples sm .zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\brasilian beast uncut granny .rar.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\german kicking beastiality [milf] glans .mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\malaysia beastiality licking glans lady .avi.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\italian bukkake porn full movie 40+ .avi.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\lesbian animal catfight vagina upskirt .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\french beast sperm masturbation black hairunshaved (Melissa,Kathrin).rar.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\Downloaded Program Files\japanese blowjob bukkake several models circumcision .avi.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\security\templates\lingerie catfight ejaculation .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie handjob lesbian .mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\norwegian lesbian kicking public .mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\spanish fetish action several models shoes (Sarah,Sonja).avi.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\handjob [milf] .mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\danish fetish horse catfight feet latex (Sarah,Curtney).rar.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\beastiality trambling uncut legs blondie (Anniston).mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\PLA\Templates\asian animal sleeping traffic .mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\brasilian xxx licking fishy (Sonja,Melissa).mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\japanese blowjob licking (Christine,Jade).avi.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\indian handjob [free] nipples shower .avi.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\malaysia gay licking .avi.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\german porn voyeur legs balls .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\hardcore porn catfight beautyfull .rar.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse nude [milf] glans mature .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\nude masturbation .zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\gang bang licking (Sonja,Janette).mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\malaysia lingerie catfight nipples young .mpg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\fetish handjob masturbation blondie (Britney,Sonja).mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\trambling [milf] .zip.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\assembly\temp\brasilian nude lingerie girls .rar.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\french trambling uncut .mpeg.exe	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2600	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2904	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2512	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2908	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2252	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2600	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2644	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2028	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1112	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1080	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2904	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2600	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2512	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2908	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2252	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2012	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2220	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2120	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1924	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
936	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2560	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
604	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2644	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2028	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1492	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2908	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2308	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1068	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2860	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2904	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2252	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2148	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1108	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1672	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1080	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1544	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2012	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2600	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2512	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2232	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2120	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1928	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1112	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1800	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
908	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2220	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1388	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
1924	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
2956	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 3000	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	28
PID 2040 wrote to memory of 3000	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	28
PID 2040 wrote to memory of 3000	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	28
PID 2040 wrote to memory of 3000	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	28
PID 3000 wrote to memory of 2600	3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	29
PID 3000 wrote to memory of 2600	3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	29
PID 3000 wrote to memory of 2600	3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	29
PID 3000 wrote to memory of 2600	3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	29
PID 2040 wrote to memory of 2508	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	30
PID 2040 wrote to memory of 2508	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	30
PID 2040 wrote to memory of 2508	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	30
PID 2040 wrote to memory of 2508	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	30
PID 2508 wrote to memory of 2904	2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	34
PID 2508 wrote to memory of 2904	2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	34
PID 2508 wrote to memory of 2904	2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	34
PID 2508 wrote to memory of 2904	2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	34
PID 2040 wrote to memory of 2908	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	32
PID 2040 wrote to memory of 2908	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	32
PID 2040 wrote to memory of 2908	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	32
PID 2040 wrote to memory of 2908	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	32
PID 3000 wrote to memory of 2512	3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	31
PID 3000 wrote to memory of 2512	3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	31
PID 3000 wrote to memory of 2512	3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	31
PID 3000 wrote to memory of 2512	3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	31
PID 2600 wrote to memory of 2252	2600	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	33
PID 2600 wrote to memory of 2252	2600	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	33
PID 2600 wrote to memory of 2252	2600	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	33
PID 2600 wrote to memory of 2252	2600	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	33
PID 2508 wrote to memory of 2644	2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	37
PID 2508 wrote to memory of 2644	2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	37
PID 2508 wrote to memory of 2644	2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	37
PID 2508 wrote to memory of 2644	2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	37
PID 2040 wrote to memory of 1112	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	36
PID 2040 wrote to memory of 1112	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	36
PID 2040 wrote to memory of 1112	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	36
PID 2040 wrote to memory of 1112	2040	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	36
PID 3000 wrote to memory of 2028	3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	35
PID 3000 wrote to memory of 2028	3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	35
PID 3000 wrote to memory of 2028	3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	35
PID 3000 wrote to memory of 2028	3000	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	35
PID 2904 wrote to memory of 1080	2904	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	38
PID 2904 wrote to memory of 1080	2904	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	38
PID 2904 wrote to memory of 1080	2904	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	38
PID 2904 wrote to memory of 1080	2904	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	38
PID 2600 wrote to memory of 2220	2600	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	41
PID 2600 wrote to memory of 2220	2600	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	41
PID 2600 wrote to memory of 2220	2600	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	41
PID 2600 wrote to memory of 2220	2600	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	41
PID 2908 wrote to memory of 2012	2908	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	40
PID 2908 wrote to memory of 2012	2908	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	40
PID 2908 wrote to memory of 2012	2908	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	40
PID 2908 wrote to memory of 2012	2908	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	40
PID 2512 wrote to memory of 1924	2512	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	39
PID 2512 wrote to memory of 1924	2512	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	39
PID 2512 wrote to memory of 1924	2512	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	39
PID 2512 wrote to memory of 1924	2512	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	39
PID 2252 wrote to memory of 2120	2252	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	42
PID 2252 wrote to memory of 2120	2252	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	42
PID 2252 wrote to memory of 2120	2252	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	42
PID 2252 wrote to memory of 2120	2252	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	42
PID 2508 wrote to memory of 936	2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	43
PID 2508 wrote to memory of 936	2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	43
PID 2508 wrote to memory of 936	2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	43
PID 2508 wrote to memory of 936	2508	NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe	43

C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        8⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        8⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:6652
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:6860
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:8500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:8560
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:6428
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:1392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:6632
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:7488
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:2384
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:8440
- C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2508
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:8956
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        7⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:1588
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:8492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:8116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:9124
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:972
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:7456
- C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:6284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        6⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:6616
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:6624
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:6304
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:8360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:7400
- C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:6336
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:7600
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3500
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:8056
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:7268
- C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
        5⤵
        
        PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:8032
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:6004
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:7644
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:7576
- C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
  2⤵
  PID:896
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:8352
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
      4⤵
      PID:8796
- C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
  2⤵
  PID:1604
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:5448
- C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
  2⤵
  PID:3868
- - C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
    3⤵
    PID:7872
- C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.0188c5d7b0cf80183cf816bae2aad1f0.exe"
  2⤵
  PID:7720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\blowjob [milf] nipples ash .rar.exe

Filesize
1.5MB

MD5
d44a7bccf0e2a75f8a698d99d86053f7

SHA1
aa00a9e6464fbdea90108a44ab258f7987890288

SHA256
92ceae451d158922048b5cd7b7f36e59bc3aa2d7805e9fa0aa68475cd16df607

SHA512
dfb6444f8362380a8d88606db14a6c9c0d765553f9b99ea5fe3482e8aaafa3836ddd9b10a147f535060929a2c1064f89f6d74f3b98540fd8628d583868f6f455

Download Submit
memory/604-110-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/860-132-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/896-139-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/908-126-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/936-103-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1068-114-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1080-96-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1108-116-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1112-100-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1172-147-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1388-127-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1420-145-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1492-150-0x0000000004A50000-0x0000000004A70000-memory.dmp

Filesize
128KB

Download
memory/1492-109-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1544-120-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1672-119-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1800-121-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1924-99-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1924-125-0x0000000004A40000-0x0000000004A60000-memory.dmp

Filesize
128KB

Download
memory/1924-129-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1928-123-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2012-146-0x0000000004910000-0x0000000004930000-memory.dmp

Filesize
128KB

Download
memory/2012-128-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2012-97-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2028-134-0x0000000001CE0000-0x0000000001D00000-memory.dmp

Filesize
128KB

Download
memory/2028-95-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2028-108-0x0000000001CE0000-0x0000000001D00000-memory.dmp

Filesize
128KB

Download
memory/2040-133-0x0000000005300000-0x0000000005320000-memory.dmp

Filesize
128KB

Download
memory/2040-101-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2040-22-0x00000000048D0000-0x00000000048F0000-memory.dmp

Filesize
128KB

Download
memory/2040-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2040-185-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2040-70-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2084-142-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2116-136-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2116-144-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2120-130-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2148-118-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2220-138-0x00000000045C0000-0x00000000045E0000-memory.dmp

Filesize
128KB

Download
memory/2220-98-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2232-122-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2252-71-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2308-115-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2376-148-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2508-104-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2508-65-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2512-112-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2560-105-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2600-64-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2600-102-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2644-94-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2644-107-0x0000000001EA0000-0x0000000001EC0000-memory.dmp

Filesize
128KB

Download
memory/2644-124-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2748-149-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2828-151-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2860-137-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2904-68-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2904-143-0x0000000004920000-0x0000000004940000-memory.dmp

Filesize
128KB

Download
memory/2904-106-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2908-69-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2908-113-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2908-111-0x0000000004910000-0x0000000004930000-memory.dmp

Filesize
128KB

Download
memory/2956-131-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3000-63-0x00000000047E0000-0x0000000004800000-memory.dmp

Filesize
128KB

Download
memory/3000-135-0x00000000047E0000-0x0000000004800000-memory.dmp

Filesize
128KB

Download
memory/3000-25-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download