fb18eb16ee5955538a2e549714e53447d987a06ad46f643feee04a3ef8c0ab3e

Analysis

max time kernel
26s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2023, 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
Size

1.4MB
MD5

83bec8a588588a1ea9677c9789f24ff0
SHA1

26d57ac65332878e899750b68865c775e3e8cfa6
SHA256

fb18eb16ee5955538a2e549714e53447d987a06ad46f643feee04a3ef8c0ab3e
SHA512

7d22467cb9e6caed4a515d4d912e9a155311cd8aae9aa210cb9e9f8d629f85ada07d9f3d8c361ca7492e103d5ab13ea670720b67da8f396388a4b5c6919fddcc
SSDEEP

24576:A8jfzi+BT2D5ZfglN5XV+QM0CgKNXZ8MXLXVU9uNaGEobs5GoCdrIT+z:AAiI+0XUQM0ufg9uNd1MCrI4

Score

7^/10

persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe

UPX packed file 58 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1900-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/files/0x0006000000022e6a-5.dat	upx
behavioral2/memory/4720-12-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1900-11-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2480-13-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2032-15-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/676-16-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3592-17-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3868-18-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5000-20-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3828-19-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3568-21-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2032-22-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/392-23-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2924-24-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3868-27-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3492-26-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4784-25-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/564-30-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3828-29-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3380-32-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4528-39-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3672-40-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2544-47-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4372-49-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2632-48-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5000-53-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3428-54-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4028-61-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4912-62-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/444-59-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4328-72-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4380-75-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3848-69-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4564-89-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3488-93-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2628-83-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1228-79-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3780-107-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5152-110-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3932-114-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5244-118-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5404-126-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5396-123-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1900-130-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1588-135-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5696-133-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1876-141-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5168-144-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5832-165-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5624-162-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5388-157-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2924-195-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2408-213-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3428-216-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4380-224-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5848-225-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1900-228-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\Q:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\E:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\G:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\I:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\J:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\K:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\L:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\M:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\W:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\A:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\N:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\T:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\X:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\V:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\Y:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\B:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\H:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\P:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\R:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\S:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\U:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File opened (read-only)	\??\Z:	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\asian bukkake uncut hole (Liz).avi.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\kicking several models legs high heels (Sandy,Jade).mpeg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\animal handjob catfight .avi.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\fucking action licking (Christine,Curtney).zip.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files\Common Files\microsoft shared\black action horse sleeping (Sylvia,Janette).avi.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files\Microsoft Office\root\Templates\american beast lesbian [milf] blondie .avi.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gang bang cumshot full movie penetration (Tatjana,Jade).mpg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\fucking action public .mpg.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lingerie beast [free] (Sonja,Kathrin).rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\lingerie masturbation fishy .rar.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
4720	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
4720	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2480	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2480	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
3568	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
3568	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2032	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2032	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
392	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
392	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
3592	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
3592	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2480	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
2480	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
4720	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
4720	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 676	1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	90
PID 1900 wrote to memory of 676	1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	90
PID 1900 wrote to memory of 676	1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	90
PID 1900 wrote to memory of 4720	1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	91
PID 1900 wrote to memory of 4720	1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	91
PID 1900 wrote to memory of 4720	1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	91
PID 676 wrote to memory of 2480	676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	92
PID 676 wrote to memory of 2480	676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	92
PID 676 wrote to memory of 2480	676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	92
PID 1900 wrote to memory of 3568	1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	93
PID 1900 wrote to memory of 3568	1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	93
PID 1900 wrote to memory of 3568	1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	93
PID 676 wrote to memory of 2032	676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	94
PID 676 wrote to memory of 2032	676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	94
PID 676 wrote to memory of 2032	676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	94
PID 2480 wrote to memory of 392	2480	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	95
PID 2480 wrote to memory of 392	2480	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	95
PID 2480 wrote to memory of 392	2480	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	95
PID 4720 wrote to memory of 3592	4720	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	96
PID 4720 wrote to memory of 3592	4720	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	96
PID 4720 wrote to memory of 3592	4720	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	96
PID 1900 wrote to memory of 4784	1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	97
PID 1900 wrote to memory of 4784	1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	97
PID 1900 wrote to memory of 4784	1900	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	97
PID 676 wrote to memory of 3868	676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	98
PID 676 wrote to memory of 3868	676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	98
PID 676 wrote to memory of 3868	676	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	98
PID 3568 wrote to memory of 3828	3568	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	99
PID 3568 wrote to memory of 3828	3568	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	99
PID 3568 wrote to memory of 3828	3568	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	99
PID 2480 wrote to memory of 5000	2480	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	100
PID 2480 wrote to memory of 5000	2480	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	100
PID 2480 wrote to memory of 5000	2480	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	100
PID 4720 wrote to memory of 444	4720	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	101
PID 4720 wrote to memory of 444	4720	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	101
PID 4720 wrote to memory of 444	4720	NEAS.83bec8a588588a1ea9677c9789f24ff0.exe	101

C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:676
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        8⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:15156
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:16856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:11856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:15172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:1084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:17208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:184
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:12480
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:15164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:12992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:11092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14384
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:9924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:1092
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6040
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:12864
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:5092
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:13316
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        7⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13452
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:3516
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:12888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8844
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:11160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14416
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:12548
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:12048
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:15180
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:12920
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:10144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:13308
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:16096
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        6⤵
        
        PID:13592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:10268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:9348
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:12080
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:15128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:13492
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:11296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:15188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:12848
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:9428
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:12164
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:4784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:13468
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:11840
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:17004
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
        5⤵
        
        PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14216
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:10944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:14248
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:12824
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:9556
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:12356
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:2924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:16704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:11412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:6776
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:12936
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:9992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:13412
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:4380
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
      4⤵
      PID:12708
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:9324
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:12056
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:5884
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:10896
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:13484
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:6888
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:12128
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:8864
- - C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
    3⤵
    PID:6804
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:11152
- C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.83bec8a588588a1ea9677c9789f24ff0.exe"
  2⤵
  PID:14740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\asian bukkake uncut hole (Liz).avi.exe

Filesize
779KB

MD5
5fdf37b3be2b87e494079914cc5a33ab

SHA1
8b26936c8c5227b1d4d470af8289d70ac800b0f5

SHA256
1c764c689e8ad593c9b8c140f764d8ff667963dfdc71ef14f72bb73067600d0a

SHA512
2133405e37792b25f03d9cb9e53dd37f5e6512c29af8c2cc8ae2c8a750ebd9aa154a8b42206ff1be16fbd06e8772a758d8aa94acbd682351eeed8306e27e0424

Download Submit
memory/392-23-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/444-59-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/564-30-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/676-16-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1228-79-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1588-135-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1876-141-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1900-130-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1900-11-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1900-228-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1900-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2032-22-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2032-15-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2408-213-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2480-13-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2544-47-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2628-83-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2632-48-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2924-24-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2924-195-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3380-32-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3428-216-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3428-54-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3488-93-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3492-26-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3568-21-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3592-17-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3672-40-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3780-107-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3828-19-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3828-29-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3848-69-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3868-18-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3868-27-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3932-114-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4028-61-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4328-72-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4372-49-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4380-75-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4380-224-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4528-39-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4564-89-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4720-12-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4784-25-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4912-62-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5000-20-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5000-53-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5152-110-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5168-144-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5244-118-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5388-157-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5396-123-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5404-126-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5624-162-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5696-133-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5832-165-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5848-225-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download