855ce7c4f46d349c5ce1004802912b81ef2da3508de1512ef9c07acf3b947081

Analysis

max time kernel
13s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
Size

705KB
MD5

ffcc689b6d3ebe5366a51a67a4c5e1c0
SHA1

70f7ed898f6ea53cbde91a1e918e583f0ebdeb0d
SHA256

855ce7c4f46d349c5ce1004802912b81ef2da3508de1512ef9c07acf3b947081
SHA512

ec8d4bc2288b14724134ad92e894bba7da9b43a5ffd6cd6cfb6994c910beab40b9b16216928f2708d8243ca2c427a5ed2498efcb725c081abbff1848c1130f95
SSDEEP

12288:VEQoSml0NHhuZQtQgPZZ44eHM2zb96iAES/2Jjrddk54qsPIiB0YKmPsrNGr:VhhTNZZ5eBz5xSgTy+gJOPWG

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-356073083-3299209671-3108880702-1000\Control Panel\International\Geo\Nation	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-356073083-3299209671-3108880702-1000\Control Panel\International\Geo\Nation	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-356073083-3299209671-3108880702-1000\Control Panel\International\Geo\Nation	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-356073083-3299209671-3108880702-1000\Control Panel\International\Geo\Nation	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3944-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/files/0x0006000000022ea4-5.dat	upx
behavioral2/memory/2536-10-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4436-29-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3944-36-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1248-39-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4368-56-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/948-58-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4152-59-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2536-60-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3204-70-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4736-71-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3360-72-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3468-74-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4436-73-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2988-75-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4160-77-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1248-76-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4876-78-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3796-79-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4368-80-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4884-81-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1568-82-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/948-90-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4152-105-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4312-107-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4360-115-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1564-111-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4904-127-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2952-123-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4456-130-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4772-135-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2532-143-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2964-146-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/740-155-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3924-160-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4736-159-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3204-158-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1636-150-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4320-161-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4624-162-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2908-165-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2476-172-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2336-178-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4100-182-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4816-187-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4472-190-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3360-193-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3468-194-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/872-202-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3544-200-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\V:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\Y:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\Z:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\G:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\I:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\J:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\L:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\M:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\T:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\U:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\X:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\A:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\P:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\Q:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\S:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\B:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\H:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\K:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\N:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\O:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\W:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File opened (read-only)	\??\E:	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Temp\lingerie full movie feet .mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files\Common Files\microsoft shared\hardcore catfight (Sylvia).mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian kicking horse masturbation hole hairy .mpeg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish porn beast voyeur shower .mpeg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\malaysia horse lesbian circumcision .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian action hardcore hot (!) feet balls .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\xxx lesbian feet (Kathrin,Sylvia).zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian cumshot xxx full movie .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\tyrkish porn horse several models .rar.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4144D4F1-B7D3-4764-B96B-1DD2F4562087}\EDGEMITMP_F9E5D.tmp\gay catfight hole castration (Janette).rar.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay hidden latex .rar.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beast [bangbus] blondie .avi.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\fucking big .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Google\Update\Download\trambling big glans .zip.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files\Microsoft Office\root\Templates\black horse gay [bangbus] cock high heels .mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\swedish fetish blowjob voyeur mature .mpeg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\indian cumshot xxx [free] lady .mpg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
File created	C:\Program Files (x86)\Google\Temp\black fetish bukkake voyeur hole upskirt .mpeg.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2536	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2536	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
4436	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
4436	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
1248	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
1248	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2536	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
2536	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
4368	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
4368	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 2536	3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	86
PID 3944 wrote to memory of 2536	3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	86
PID 3944 wrote to memory of 2536	3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	86
PID 3944 wrote to memory of 4436	3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	87
PID 3944 wrote to memory of 4436	3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	87
PID 3944 wrote to memory of 4436	3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	87
PID 2536 wrote to memory of 1248	2536	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	88
PID 2536 wrote to memory of 1248	2536	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	88
PID 2536 wrote to memory of 1248	2536	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	88
PID 3944 wrote to memory of 4368	3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	89
PID 3944 wrote to memory of 4368	3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	89
PID 3944 wrote to memory of 4368	3944	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	89
PID 2536 wrote to memory of 4884	2536	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	90
PID 2536 wrote to memory of 4884	2536	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	90
PID 2536 wrote to memory of 4884	2536	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	90
PID 4436 wrote to memory of 948	4436	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	91
PID 4436 wrote to memory of 948	4436	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	91
PID 4436 wrote to memory of 948	4436	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	91
PID 1248 wrote to memory of 4152	1248	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	92
PID 1248 wrote to memory of 4152	1248	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	92
PID 1248 wrote to memory of 4152	1248	NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe	92

C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        8⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:6332
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:8308
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:1640
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:6472
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:7172
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:9972
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:5236
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        7⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:11344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:180
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7916
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4228
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:8740
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:8716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:7644
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        6⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5168
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:8824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:8320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2740
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:4780
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:6880
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:8248
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:6968
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  PID:3204
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
        5⤵
        
        PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:10256
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:2000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:7080
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:548
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:7760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:9504
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:2172
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  PID:1568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:5636
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
      4⤵
      PID:3044
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:8060
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:10248
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:3888
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:7072
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:9528
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:5756
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  PID:5588
- - C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
    3⤵
    PID:8164
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  PID:7040
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  PID:6776
- C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.ffcc689b6d3ebe5366a51a67a4c5e1c0.exe"
  2⤵
  PID:7128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beast [bangbus] blondie .avi.exe

Filesize
1.3MB

MD5
1fcf4ea2cd7747954021cd53889446bd

SHA1
af157fb3cc43640d404873a54ef8c13abcc9230c

SHA256
5c51a2a61292b0f41acc57bbe57d91f7fa2359801781c418a75a0b68d0388b02

SHA512
31473ae4887277628423663ca1555f105d8be4ee9a065aaeacb1aae5a8993bc932f273120ccc6abf4e6902de84ec6aa50e63ac0c57aff91db98af50f3f4cba54

Download Submit
memory/740-155-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/872-202-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/948-58-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/948-90-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1248-76-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1248-39-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1564-111-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1568-82-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1636-150-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2336-178-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2476-172-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2532-143-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2536-60-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2536-10-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2908-165-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2952-123-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2964-146-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2988-75-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3204-70-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3204-158-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3360-72-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3360-193-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3468-74-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3468-194-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3544-200-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3796-79-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3924-160-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3944-36-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3944-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4100-182-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4152-59-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4152-105-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4160-77-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4312-107-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4320-161-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4360-115-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4368-56-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4368-80-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4436-29-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4436-73-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4456-130-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4472-190-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4624-162-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4736-71-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4736-159-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4772-135-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4816-187-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4876-78-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4884-81-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4904-127-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download