a15f9d617cecbc8769a94a3bf013400b15db366a6ce85eed4028c45415eac3e2

Analysis

max time kernel
73s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.cf0ce663275e2db478e54995fd4ec320.exe
Size

1.5MB
MD5

cf0ce663275e2db478e54995fd4ec320
SHA1

1556218663f3d0fd23c2220383fc9bbd60403056
SHA256

a15f9d617cecbc8769a94a3bf013400b15db366a6ce85eed4028c45415eac3e2
SHA512

c8df49391aa3455873a113dd79f54d19e51e06924046c1a3de3fc39257d563e36744132332f7178090af2ee5dc53aa58ed37801a47606260932ae04ec7d9aba5
SSDEEP

24576:60/D+8E/qlec+4nRXVVGifkDL7uOBviXlEJwICB2Yi+PFsf4WwqFfhp31:B6f8g4n/VGisD31BKiJwr2WPF+IqdhP

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	NEAS.cf0ce663275e2db478e54995fd4ec320.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2912-0-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/files/0x0008000000022d60-5.dat	upx
behavioral2/memory/2912-11-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/2256-16-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1448-40-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/3152-41-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/2784-106-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4464-107-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/684-118-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1988-132-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/2256-139-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4084-148-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/3772-149-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1448-150-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1340-151-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/3152-152-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/5028-153-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1632-154-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/2784-155-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/3748-156-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4464-157-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/3256-158-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/2128-160-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/684-159-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1988-161-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1880-162-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4084-163-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/3772-166-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4408-165-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4644-164-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1340-167-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/2776-170-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/5028-171-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1692-169-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1680-172-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1080-168-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/3156-173-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4684-175-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1652-174-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1540-176-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/3252-177-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1632-178-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/952-180-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/448-181-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/3748-182-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/2552-183-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4088-184-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/3256-185-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/640-186-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4692-191-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/2808-192-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1792-193-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1880-194-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4644-195-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/444-197-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4408-198-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1380-196-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/5132-199-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/5152-201-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1692-202-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/1316-200-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/5172-204-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4684-206-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/2776-203-0x0000000000400000-0x0000000000421000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.cf0ce663275e2db478e54995fd4ec320.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\N:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\V:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\W:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\R:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\G:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\H:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\I:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\M:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\O:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\P:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\Q:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\T:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\U:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\Y:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\Z:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\A:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\B:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\J:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\L:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\E:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\S:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File opened (read-only)	\??\X:	NEAS.cf0ce663275e2db478e54995fd4ec320.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish animal bukkake [milf] hole boots .mpg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\horse voyeur .rar.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Google\Temp\sperm [milf] hotel .mpg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files\Common Files\microsoft shared\danish nude gay licking hole .rar.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black fetish hardcore girls castration .mpeg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling hot (!) feet (Jenna,Tatjana).zip.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lesbian several models .avi.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\russian cum blowjob [milf] titts .zip.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\black handjob xxx lesbian (Karin).zip.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian handjob xxx lesbian young .avi.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Microsoft\Temp\brasilian horse gay lesbian traffic .mpg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files\Microsoft Office\root\Templates\horse sleeping titts shower .mpeg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\american action gay public cock .avi.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\hardcore big feet .avi.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian gang bang fucking public feet bondage (Samantha).rar.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\japanese nude trambling voyeur .rar.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUD1B7.tmp\trambling [free] .rar.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\xxx [bangbus] glans .mpg.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.cf0ce663275e2db478e54995fd4ec320.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2256	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2256	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1448	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1448	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
3152	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
3152	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2256	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2256	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2784	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2784	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
4464	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
4464	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1448	NEAS.cf0ce663275e2db478e54995fd4ec320.exe
1448	NEAS.cf0ce663275e2db478e54995fd4ec320.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2256	2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	95
PID 2912 wrote to memory of 2256	2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	95
PID 2912 wrote to memory of 2256	2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	95
PID 2912 wrote to memory of 1448	2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	96
PID 2912 wrote to memory of 1448	2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	96
PID 2912 wrote to memory of 1448	2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	96
PID 2256 wrote to memory of 3152	2256	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	97
PID 2256 wrote to memory of 3152	2256	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	97
PID 2256 wrote to memory of 3152	2256	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	97
PID 2912 wrote to memory of 2784	2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	98
PID 2912 wrote to memory of 2784	2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	98
PID 2912 wrote to memory of 2784	2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	98
PID 1448 wrote to memory of 4464	1448	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	99
PID 1448 wrote to memory of 4464	1448	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	99
PID 1448 wrote to memory of 4464	1448	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	99
PID 2256 wrote to memory of 684	2256	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	100
PID 2256 wrote to memory of 684	2256	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	100
PID 2256 wrote to memory of 684	2256	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	100
PID 3152 wrote to memory of 1988	3152	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	101
PID 3152 wrote to memory of 1988	3152	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	101
PID 3152 wrote to memory of 1988	3152	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	101
PID 2912 wrote to memory of 4084	2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	102
PID 2912 wrote to memory of 4084	2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	102
PID 2912 wrote to memory of 4084	2912	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	102
PID 1448 wrote to memory of 3772	1448	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	103
PID 1448 wrote to memory of 3772	1448	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	103
PID 1448 wrote to memory of 3772	1448	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	103
PID 2784 wrote to memory of 1340	2784	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	104
PID 2784 wrote to memory of 1340	2784	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	104
PID 2784 wrote to memory of 1340	2784	NEAS.cf0ce663275e2db478e54995fd4ec320.exe	104

C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2256
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        8⤵
        
        PID:17080
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:16016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:17448
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:17056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:16548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:17456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:15248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:15904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:10680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:15132
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:684
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13664
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:16940
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:18388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:17064
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13468
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:9060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:17096
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:17072
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:10892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:15380
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:15852
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:18032
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:10860
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:14672
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1448
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        7⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:12292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:10844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:18100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:10448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:13944
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:16512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:18292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:15284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13200
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:10852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:15056
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:860
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:18008
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:10520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:14516
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:16404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:9044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:12304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:17048
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:17040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:10884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:15364
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:16364
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:9924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:13672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:3908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:10504
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:14024
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  PID:4084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:16388
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:17104
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:13628
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:17940
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:10512
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:14540
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  PID:1880
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:11908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
        5⤵
        
        PID:16532
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4468
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:4716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:18000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:10528
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:14532
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  PID:640
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:11336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
      4⤵
      PID:16396
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:7924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:10900
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:15372
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  PID:6108
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:11304
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:224
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  PID:7648
- - C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
    3⤵
    PID:16052
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  PID:10324
- C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.cf0ce663275e2db478e54995fd4ec320.exe"
  2⤵
  PID:14248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling hot (!) feet (Jenna,Tatjana).zip.exe

Filesize
1.1MB

MD5
e0abada071fc47f351ce9377f3c77301

SHA1
81e7178f95bd27bcc737e9d2e9ad7d36de17813d

SHA256
1ba7bca2d421e5d0ddefc4b3bfb6fe8332b51dad02f09331726b1d76dd43574d

SHA512
a1cde29cc7781b89c00ae056d6f3f1dd63d40b5c1bd11b61e08c1d913ca22e7d7eeb1e74ac983a731d9e36f5983182465f7ff0c374a13cbcd650b83e1d7c7ce3

Download Submit
memory/444-197-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/448-181-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/640-186-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/684-159-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/684-118-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/952-180-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1080-168-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1316-200-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1340-151-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1340-167-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1380-196-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1448-40-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1448-150-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1540-176-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1632-178-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1632-154-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1652-174-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1680-172-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1692-169-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1692-202-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1792-193-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1880-194-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1880-162-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1988-132-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1988-161-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2128-160-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2256-16-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2256-139-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2552-183-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2776-170-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2776-203-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2784-155-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2784-106-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2808-192-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2912-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2912-11-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3152-152-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3152-41-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3156-173-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3156-208-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3252-177-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3256-185-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3256-158-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3748-182-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3748-156-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3772-149-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/3772-166-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4084-148-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4084-163-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4088-184-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4408-198-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4408-165-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4464-157-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4464-107-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4644-164-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4644-195-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4684-175-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4684-206-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4692-191-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/5028-153-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/5028-171-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/5132-199-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/5152-201-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/5172-204-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download