88df174787cd14341d72822ba67c5aaa897d17b60549c36768b539dfa5d4a273

Analysis

max time kernel
68s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2023, 19:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
Size

143KB
MD5

8d5df4d3ce2f61229e0fd914dbd130d0
SHA1

7a750d83d2262a6e767fe1a3c2a75247fd7ce6f3
SHA256

88df174787cd14341d72822ba67c5aaa897d17b60549c36768b539dfa5d4a273
SHA512

1eae3e2070b28d80bf0e72f1e3e19892d0198786901002272d2cdc510b2f143acb7cd9d7f66de686c07d0235fce8ccc9590a58e72f9dcf693adf7c5b0a2ad798
SSDEEP

3072:wvs4dDXEGCLElS1Tj4mYWR/R4nkPR/1aVuyMZGwFEYYJ9LcvMwMi11cwEMDFn:sPDLCL9Io5R4nM/40ylwFEYY7LcvM7i1

Score

7^/10

persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe

UPX packed file 46 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2396-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2396-3-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/files/0x0007000000022cda-9.dat	upx
behavioral2/memory/540-16-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2460-17-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4816-18-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2196-19-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3420-20-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2608-21-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4328-22-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/540-23-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3032-24-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1216-25-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2460-26-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4816-27-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3468-28-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2192-29-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2196-30-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/932-31-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3420-32-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2608-33-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4328-34-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3032-35-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1216-36-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/552-37-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1488-38-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3540-42-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2192-43-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1396-41-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2128-44-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3468-45-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4848-46-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/384-47-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3248-48-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4976-51-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3716-53-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/836-54-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4228-56-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4944-55-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4388-52-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5260-61-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5436-63-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5352-62-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5544-64-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5552-89-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5464-123-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\T:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\Y:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\I:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\J:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\L:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\W:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\G:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\N:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\V:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\R:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\U:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\X:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\E:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\H:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\Q:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\M:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\O:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\S:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\Z:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\A:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\B:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File opened (read-only)	\??\K:	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\japanese porn blowjob big glans .avi.exe	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File created	C:\Program Files\Common Files\microsoft shared\horse hot (!) glans wifey .rar.exe	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File created	C:\Program Files\Microsoft Office\root\Templates\japanese nude fucking masturbation sm .avi.exe	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\hardcore catfight .mpeg.exe	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lesbian [milf] black hairunshaved .mpg.exe	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\brasilian action xxx big hole 50+ (Curtney).mpeg.exe	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lingerie [bangbus] feet shower (Curtney).mpg.exe	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\danish gang bang beast masturbation .mpg.exe	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
540	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
540	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
2460	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
2460	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
4816	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
4816	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
540	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
540	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
2196	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
2196	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
3420	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
3420	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
540	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
540	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 540	2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	94
PID 2396 wrote to memory of 540	2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	94
PID 2396 wrote to memory of 540	2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	94
PID 2396 wrote to memory of 2460	2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	95
PID 2396 wrote to memory of 2460	2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	95
PID 2396 wrote to memory of 2460	2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	95
PID 540 wrote to memory of 4816	540	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	96
PID 540 wrote to memory of 4816	540	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	96
PID 540 wrote to memory of 4816	540	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	96
PID 2396 wrote to memory of 2196	2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	97
PID 2396 wrote to memory of 2196	2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	97
PID 2396 wrote to memory of 2196	2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	97
PID 540 wrote to memory of 3420	540	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	98
PID 540 wrote to memory of 3420	540	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	98
PID 540 wrote to memory of 3420	540	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	98
PID 2460 wrote to memory of 2608	2460	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	99
PID 2460 wrote to memory of 2608	2460	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	99
PID 2460 wrote to memory of 2608	2460	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	99
PID 4816 wrote to memory of 4328	4816	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	100
PID 4816 wrote to memory of 4328	4816	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	100
PID 4816 wrote to memory of 4328	4816	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	100
PID 2396 wrote to memory of 3032	2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	101
PID 2396 wrote to memory of 3032	2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	101
PID 2396 wrote to memory of 3032	2396	NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe	101

C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:540
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        7⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        7⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:10668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:9572
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:3704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:9316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:10688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:9604
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:10608
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:936
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:10112
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:4108
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:9340
- C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2460
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        6⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:10348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:9588
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:8720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:11028
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:548
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:5452
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:11000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:10308
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:7144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:8840
- C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:10648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:4168
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:8872
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:8196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:10780
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:5748
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:7752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:396
- C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
  2⤵
  PID:3032
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
        5⤵
        
        PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:11060
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:9580
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:10104
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:6476
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:8224
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:11008
- C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
  2⤵
  PID:384
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
      4⤵
      PID:11052
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:6448
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:8000
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:4352
- C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
  2⤵
  PID:4848
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:7360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:9564
- C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
  2⤵
  PID:5464
- - C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
    3⤵
    PID:10120
- C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
  2⤵
  PID:6676
- C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
  2⤵
  PID:8384
- C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.8d5df4d3ce2f61229e0fd914dbd130d0.exe"
  2⤵
  PID:10324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lesbian [milf] black hairunshaved .mpg.exe

Filesize
576KB

MD5
7612e718f870cc31e32b236d7b95c1f9

SHA1
23e26ae6798702a0768cb10e9d5ab14f794a5484

SHA256
f2e1d94cd6238a821937b588c8196f8da5e0208759144abe54c838c90867f78e

SHA512
7955696d37706351f76d6138a6d3463b6dc9e0930b9ad06b3ea970604112531d4e0e5c9ed8992322f9fe970446e585f803d08680277453690e4fd6184b1a1a41

Download Submit
memory/384-47-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/540-16-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/540-23-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/552-37-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/836-54-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/932-31-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1216-25-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1216-36-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1396-41-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1488-38-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2128-44-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2192-43-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2192-29-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2196-19-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2196-30-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2396-3-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2396-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2460-26-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2460-17-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2608-21-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2608-33-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3032-35-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3032-24-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3248-48-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3420-32-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3420-20-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3468-45-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3468-28-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3540-42-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3716-53-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4228-56-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4328-34-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4328-22-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4388-52-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4816-27-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4816-18-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4848-46-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4944-55-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4976-51-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5260-61-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5352-62-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5436-63-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5464-123-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5544-64-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5552-89-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download