85f706f93e2f9c90a60dbbeb089f5540c70025132b89899cf5eb73c9552a9e70

Analysis

max time kernel
144s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
Size

1.9MB
MD5

bb6a77719894e2cdc4ac4520d28577a0
SHA1

86413735413a301079e6d03e83c657d4d78c53dc
SHA256

85f706f93e2f9c90a60dbbeb089f5540c70025132b89899cf5eb73c9552a9e70
SHA512

e26358261e3ea21a14b427369769298d3cf77a18678932d4b79641526a89a1cbc4f75be05441870065075fa059377fc6b4dcc060d18fba923f70bee64032ac82
SSDEEP

49152:/E6N6NdJ00mrNzYxCpqNkv9dYC6ePO1qww8JT:/MNditY2Ck1GCH+T

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/64-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/files/0x0006000000022d70-5.dat	upx
behavioral2/memory/1904-10-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1568-11-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3752-16-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4900-100-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/64-109-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2120-111-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2276-121-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/860-132-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1904-148-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/636-150-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1892-151-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1568-152-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3380-153-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4316-155-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3752-154-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4624-156-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4900-157-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4080-158-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2120-159-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/208-160-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2276-161-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1572-162-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/860-169-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/828-170-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3180-173-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/636-179-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1892-181-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/540-182-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3848-183-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/380-184-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1612-186-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2132-185-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4316-187-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4624-188-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1204-189-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3048-190-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4004-191-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4080-193-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5104-196-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4116-201-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2064-199-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2428-204-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5308-206-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5320-208-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5300-209-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1548-210-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4472-212-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/208-211-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5272-213-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5852-224-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5644-223-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5512-215-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5340-214-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5844-265-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\H:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\R:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\T:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\W:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\Z:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\K:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\Y:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\I:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\L:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\S:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\U:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\O:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\P:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\B:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\E:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\G:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\J:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\M:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\N:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\Q:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\V:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File opened (read-only)	\??\X:	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\japanese animal hardcore hot (!) stockings .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\asian beast big .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\beast masturbation cock ,Ó .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files\Common Files\microsoft shared\indian nude horse [free] penetration .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\canadian trambling hot (!) titts black hairunshaved .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Google\Temp\horse [bangbus] .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Google\Update\Download\blowjob sleeping (Sylvia).mpg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american cumshot hardcore [bangbus] glans .avi.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\blowjob catfight hole 50+ .mpg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american kicking sperm full movie feet (Anniston,Curtney).zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\bukkake catfight YEâPSè& .mpg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Microsoft\Temp\indian animal gay masturbation glans (Anniston,Sarah).mpeg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files\Microsoft Office\root\Templates\fucking several models .zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beast hot (!) swallow .rar.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\beast hidden cock hairy (Melissa).zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian beastiality trambling [milf] penetration .mpg.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gay licking cock bedroom .zip.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
1904	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
1904	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
1568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
1568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
3752	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
3752	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
1904	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
1904	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 64 wrote to memory of 1904	64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	89
PID 64 wrote to memory of 1904	64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	89
PID 64 wrote to memory of 1904	64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	89
PID 64 wrote to memory of 1568	64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	90
PID 64 wrote to memory of 1568	64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	90
PID 64 wrote to memory of 1568	64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	90
PID 1904 wrote to memory of 3752	1904	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	91
PID 1904 wrote to memory of 3752	1904	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	91
PID 1904 wrote to memory of 3752	1904	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	91
PID 64 wrote to memory of 4900	64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	94
PID 64 wrote to memory of 4900	64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	94
PID 64 wrote to memory of 4900	64	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	94
PID 1568 wrote to memory of 2120	1568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	95
PID 1568 wrote to memory of 2120	1568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	95
PID 1568 wrote to memory of 2120	1568	NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe	95

C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:64
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7296
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:3976
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        7⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:9640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8340
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7184
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7068
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:10020
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:2984
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:7488
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:8160
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:7324
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        6⤵
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8268
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:9516
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8316
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:10132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7432
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:9880
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:10092
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:8232
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  PID:4900
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:9632
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8308
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:7436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8292
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:9672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:7456
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:8184
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  PID:636
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:9408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
        5⤵
        
        PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8324
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:8260
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:10040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:1300
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:7480
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:8176
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:7340
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  PID:828
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:9524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:10124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
      4⤵
      PID:4048
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:8240
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  PID:4472
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:8276
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  PID:5864
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:2400
- - C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
    3⤵
    PID:1948
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  PID:5160
- C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.bb6a77719894e2cdc4ac4520d28577a0.exe"
  2⤵
  PID:8204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beast hot (!) swallow .rar.exe

Filesize
1.6MB

MD5
ba7e0d8025defc916535aaef426d7a4f

SHA1
0b59432f40bbe8d8b8be594904e5c4f5398024a0

SHA256
789559ff450a0afbcaf928e79ae7407aba76add454d63e43a6ecfe7111387d9a

SHA512
f8083e621c82fcc9b6e6581a0f8dc31655da64b14b152ed976f103aed5dd2af2a1dad8138c1c12bb044c10f54d47032b108c338970326b8a6acb712af6c8b5cf

Download Submit
memory/64-109-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/64-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/208-160-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/208-211-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/380-184-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/540-182-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/636-179-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/636-150-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/828-170-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/860-169-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/860-132-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1204-189-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1548-210-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1568-152-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1568-11-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1572-162-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1612-186-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1892-151-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1892-181-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1904-148-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1904-10-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2064-199-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2120-159-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2120-111-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2132-185-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2276-161-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2276-121-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2428-204-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3048-190-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3180-173-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3380-153-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3752-16-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3752-154-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3848-183-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4004-191-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4080-158-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4080-193-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4116-201-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4316-187-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4316-155-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4472-212-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4624-188-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4624-156-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4900-157-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4900-100-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5104-196-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5272-213-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5300-209-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5308-206-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5320-208-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5340-214-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5512-215-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5644-223-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5844-265-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5852-224-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download