f00a8f4b541dbc95efbf444b263b9a1ea146497ba6d673349437949704bf2354

Analysis

max time kernel
66s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2023 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.3403dfd081a35692b29265c832c67680.exe
Size

666KB
MD5

3403dfd081a35692b29265c832c67680
SHA1

68f98cec69f9bd4b3ca1159258291ca2e3f0cecc
SHA256

f00a8f4b541dbc95efbf444b263b9a1ea146497ba6d673349437949704bf2354
SHA512

6260aa8baa50ef13bc5459194fa951fe9164a533a26f2e234c6acc7ccd3132ec993eaed84829310f8a2116e385681dfbd0b8cf9a6ab5b3b8d7aca49a3cb39bdd
SSDEEP

12288:SEQoS86TDNKC0LN3K4GzPiiSa/CXB1+kaPFNZYkHWbup6ZI+1uej:SyLGJSa/yB8xPZ/WnZ1

Score

7^/10

persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.3403dfd081a35692b29265c832c67680.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.3403dfd081a35692b29265c832c67680.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.3403dfd081a35692b29265c832c67680.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.3403dfd081a35692b29265c832c67680.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	NEAS.3403dfd081a35692b29265c832c67680.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4904-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4904-2-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/files/0x0007000000022e37-11.dat	upx
behavioral2/memory/2880-16-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4732-17-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4828-19-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1152-33-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4620-34-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4460-35-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3964-36-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2880-40-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3608-41-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3800-42-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4732-43-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2140-44-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4828-45-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3080-46-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1604-48-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/908-47-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1152-49-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/440-50-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4620-51-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3452-52-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4460-53-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3964-54-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3436-55-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2780-56-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3608-57-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3216-59-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4072-58-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3800-60-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2728-62-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1976-63-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1840-64-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2140-61-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3080-65-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/908-66-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/684-67-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3980-68-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1604-70-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/440-71-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3408-74-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3552-73-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4036-76-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3452-75-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3124-72-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4980-69-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3544-77-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5032-79-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3436-80-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/924-81-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2780-82-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1656-84-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3472-83-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3216-85-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1976-86-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4328-87-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3840-89-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2728-90-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2060-91-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5072-88-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4488-94-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5140-97-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/568-93-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.3403dfd081a35692b29265c832c67680.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\S:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\H:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\J:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\M:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\Q:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\E:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\G:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\W:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\Y:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\V:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\X:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\Z:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\A:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\K:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\N:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\U:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\P:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\T:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\B:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\I:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\L:	NEAS.3403dfd081a35692b29265c832c67680.exe
File opened (read-only)	\??\O:	NEAS.3403dfd081a35692b29265c832c67680.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian cum horse hot (!) .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\fucking [milf] glans 50+ .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Google\Temp\italian horse blowjob voyeur feet .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish cumshot horse lesbian .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Google\Update\Download\brasilian nude beast girls boots (Jenna,Karin).zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Microsoft\Temp\trambling voyeur (Tatjana).avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files\Microsoft Office\root\Templates\italian nude lesbian [milf] .avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese kicking sperm masturbation upskirt .avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian gang bang gay sleeping .zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU80B9.tmp\xxx [bangbus] .zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast several models feet (Kathrin,Janette).zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian handjob lesbian girls castration .zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\porn lingerie sleeping feet .zip.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\italian horse hardcore catfight titts 50+ .mpeg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\black kicking lingerie big feet shoes (Jade).mpg.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files\Common Files\microsoft shared\tyrkish kicking beast catfight glans high heels .avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese handjob trambling licking glans ejaculation (Tatjana).avi.exe	NEAS.3403dfd081a35692b29265c832c67680.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\black gang bang lesbian [milf] titts swallow (Jade).rar.exe	NEAS.3403dfd081a35692b29265c832c67680.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.3403dfd081a35692b29265c832c67680.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
4904	NEAS.3403dfd081a35692b29265c832c67680.exe
4904	NEAS.3403dfd081a35692b29265c832c67680.exe
2880	NEAS.3403dfd081a35692b29265c832c67680.exe
2880	NEAS.3403dfd081a35692b29265c832c67680.exe
4904	NEAS.3403dfd081a35692b29265c832c67680.exe
4904	NEAS.3403dfd081a35692b29265c832c67680.exe
4732	NEAS.3403dfd081a35692b29265c832c67680.exe
4732	NEAS.3403dfd081a35692b29265c832c67680.exe
4904	NEAS.3403dfd081a35692b29265c832c67680.exe
4904	NEAS.3403dfd081a35692b29265c832c67680.exe
4828	NEAS.3403dfd081a35692b29265c832c67680.exe
4828	NEAS.3403dfd081a35692b29265c832c67680.exe
2880	NEAS.3403dfd081a35692b29265c832c67680.exe
2880	NEAS.3403dfd081a35692b29265c832c67680.exe
1152	NEAS.3403dfd081a35692b29265c832c67680.exe
1152	NEAS.3403dfd081a35692b29265c832c67680.exe
4904	NEAS.3403dfd081a35692b29265c832c67680.exe
4904	NEAS.3403dfd081a35692b29265c832c67680.exe
4620	NEAS.3403dfd081a35692b29265c832c67680.exe
4620	NEAS.3403dfd081a35692b29265c832c67680.exe
4732	NEAS.3403dfd081a35692b29265c832c67680.exe
4732	NEAS.3403dfd081a35692b29265c832c67680.exe
4460	NEAS.3403dfd081a35692b29265c832c67680.exe
4460	NEAS.3403dfd081a35692b29265c832c67680.exe
2880	NEAS.3403dfd081a35692b29265c832c67680.exe
2880	NEAS.3403dfd081a35692b29265c832c67680.exe
3964	NEAS.3403dfd081a35692b29265c832c67680.exe
3964	NEAS.3403dfd081a35692b29265c832c67680.exe

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 2880	4904	NEAS.3403dfd081a35692b29265c832c67680.exe	90
PID 4904 wrote to memory of 2880	4904	NEAS.3403dfd081a35692b29265c832c67680.exe	90
PID 4904 wrote to memory of 2880	4904	NEAS.3403dfd081a35692b29265c832c67680.exe	90
PID 4904 wrote to memory of 4732	4904	NEAS.3403dfd081a35692b29265c832c67680.exe	91
PID 4904 wrote to memory of 4732	4904	NEAS.3403dfd081a35692b29265c832c67680.exe	91
PID 4904 wrote to memory of 4732	4904	NEAS.3403dfd081a35692b29265c832c67680.exe	91
PID 2880 wrote to memory of 4828	2880	NEAS.3403dfd081a35692b29265c832c67680.exe	92
PID 2880 wrote to memory of 4828	2880	NEAS.3403dfd081a35692b29265c832c67680.exe	92
PID 2880 wrote to memory of 4828	2880	NEAS.3403dfd081a35692b29265c832c67680.exe	92
PID 4904 wrote to memory of 1152	4904	NEAS.3403dfd081a35692b29265c832c67680.exe	93
PID 4904 wrote to memory of 1152	4904	NEAS.3403dfd081a35692b29265c832c67680.exe	93
PID 4904 wrote to memory of 1152	4904	NEAS.3403dfd081a35692b29265c832c67680.exe	93
PID 4732 wrote to memory of 4620	4732	NEAS.3403dfd081a35692b29265c832c67680.exe	94
PID 4732 wrote to memory of 4620	4732	NEAS.3403dfd081a35692b29265c832c67680.exe	94
PID 4732 wrote to memory of 4620	4732	NEAS.3403dfd081a35692b29265c832c67680.exe	94
PID 2880 wrote to memory of 4460	2880	NEAS.3403dfd081a35692b29265c832c67680.exe	95
PID 2880 wrote to memory of 4460	2880	NEAS.3403dfd081a35692b29265c832c67680.exe	95
PID 2880 wrote to memory of 4460	2880	NEAS.3403dfd081a35692b29265c832c67680.exe	95
PID 4828 wrote to memory of 3964	4828	NEAS.3403dfd081a35692b29265c832c67680.exe	96
PID 4828 wrote to memory of 3964	4828	NEAS.3403dfd081a35692b29265c832c67680.exe	96
PID 4828 wrote to memory of 3964	4828	NEAS.3403dfd081a35692b29265c832c67680.exe	96
PID 4904 wrote to memory of 3608	4904	NEAS.3403dfd081a35692b29265c832c67680.exe	97
PID 4904 wrote to memory of 3608	4904	NEAS.3403dfd081a35692b29265c832c67680.exe	97
PID 4904 wrote to memory of 3608	4904	NEAS.3403dfd081a35692b29265c832c67680.exe	97
PID 1152 wrote to memory of 3800	1152	NEAS.3403dfd081a35692b29265c832c67680.exe	98
PID 1152 wrote to memory of 3800	1152	NEAS.3403dfd081a35692b29265c832c67680.exe	98
PID 1152 wrote to memory of 3800	1152	NEAS.3403dfd081a35692b29265c832c67680.exe	98
PID 4732 wrote to memory of 2140	4732	NEAS.3403dfd081a35692b29265c832c67680.exe	99
PID 4732 wrote to memory of 2140	4732	NEAS.3403dfd081a35692b29265c832c67680.exe	99
PID 4732 wrote to memory of 2140	4732	NEAS.3403dfd081a35692b29265c832c67680.exe	99
PID 2880 wrote to memory of 3080	2880	NEAS.3403dfd081a35692b29265c832c67680.exe	100
PID 2880 wrote to memory of 3080	2880	NEAS.3403dfd081a35692b29265c832c67680.exe	100
PID 2880 wrote to memory of 3080	2880	NEAS.3403dfd081a35692b29265c832c67680.exe	100

C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:15800
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15784
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15840
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:11388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:16512
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:12896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:1680
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:10716
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:14356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:13576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:8800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5808
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:13388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:12388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:12848
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:11812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:17080
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:11768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:17064
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:8400
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:8500
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:16300
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4732
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        7⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:17088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:17072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:8636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:12108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:17108
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:13056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:16836
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:13112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:7196
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:13344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:9740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:13876
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:16144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:7760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:16252
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:10316
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:14544
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1152
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:13592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:14212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:11396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:16844
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:11368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:11984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:17232
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:16520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:11004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:15808
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:1864
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:9852
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:15460
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  PID:3608
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        6⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:13988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:15816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:9916
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:1672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:12884
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:16284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:15588
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:9860
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:14192
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  PID:3436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
        5⤵
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:11744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:16936
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:10972
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:15776
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:16820
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:10268
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:13348
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  PID:924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
      4⤵
      PID:13496
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:8336
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:11948
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:17224
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  PID:5896
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:10764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:14592
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  PID:7376
- - C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
    3⤵
    PID:13948
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  PID:10144
- C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.3403dfd081a35692b29265c832c67680.exe"
  2⤵
  PID:13716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian handjob lesbian girls castration .zip.exe

Filesize
1.3MB

MD5
af6dd572fa6c88aa6973e6f13567c002

SHA1
9d8e4e081b65a291e223baf04de6d6f92cfe968c

SHA256
d91bbc1c6b85f0e8b3e9f3bd646690e7c24067ac2adf5d434a3eedacc4920ef2

SHA512
6c6f9f924f52247637d22736572eb21c423bdd9fb60999cb8744521cb039577fb81d6cbf4e7e93d90f2ff0dd6beab05f90104bf57a68b55f649b650d2491d31f

Download Submit
memory/440-71-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/440-50-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/568-93-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/684-67-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/908-66-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/908-47-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/924-81-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1152-49-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1152-33-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1604-70-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1604-48-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1656-84-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1840-92-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1840-64-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1976-63-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1976-86-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2060-91-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2140-44-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2140-61-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2728-90-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2728-62-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2780-56-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2780-82-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2880-16-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2880-40-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3080-46-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3080-65-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3124-72-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3216-85-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3216-59-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3408-74-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3436-55-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3436-80-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3452-52-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3452-75-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3472-83-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3544-77-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3552-73-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3608-41-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3608-57-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3800-60-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3800-42-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3840-89-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3964-54-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3964-36-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3980-68-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4036-76-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4072-58-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4328-87-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4460-35-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4460-53-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4488-94-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4620-51-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4620-34-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4732-17-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4732-43-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4828-19-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4828-45-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4904-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4904-2-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4980-69-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5032-79-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5072-88-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5140-97-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download