1bf1c0deca0ce78b46aa6708e2f921af6b04dd044252cf274f6b494ec3c6e387

Analysis

max time kernel
135s
max time network
215s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
Size

573KB
MD5

14b15ffc262beb3bef4ee7baf88ba270
SHA1

bf32eb87bc4fbd19de41dd6cb6268b24c3ac4ef6
SHA256

1bf1c0deca0ce78b46aa6708e2f921af6b04dd044252cf274f6b494ec3c6e387
SHA512

b5400b9e07c606496628b7efe85478b0ab5d34d07dd875be2070d94025dfc70ecad0ab6c0bb9ceb92af0bbc366499fd80234733c46fb3ecb42dd568402e8d963
SSDEEP

12288:dXCNi9BA5O+xdE0SNxv0Y2a2v36l4UflbbMTpoigJzQnzgcz+gy:oWAJrjmTIP6BMyiO8z/+R

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\Y:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\Z:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\A:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\E:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\J:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\S:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\V:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\X:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\B:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\K:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\N:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\P:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\Q:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\W:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\L:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\M:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\R:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\T:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\U:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\G:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\H:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File opened (read-only)	\??\I:	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian nude sleeping (Jenna).mpg.exe	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\fetish [free] boobs .mpg.exe	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\tyrkish gay hardcore licking YEâPSè& (Kathrin).rar.exe	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish beast lingerie girls feet .avi.exe	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File created	C:\Program Files\Common Files\microsoft shared\horse uncut bondage .zip.exe	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File created	C:\Program Files\Microsoft Office\root\Templates\brasilian sperm full movie cock .rar.exe	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\asian blowjob girls .mpeg.exe	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling porn uncut femdom (Samantha).mpg.exe	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
1464	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
1464	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
1412	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
1412	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4024	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4024	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4496	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4496	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3348 wrote to memory of 4332	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	92
PID 3348 wrote to memory of 4332	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	92
PID 3348 wrote to memory of 4332	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	92
PID 3348 wrote to memory of 3204	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	93
PID 3348 wrote to memory of 3204	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	93
PID 3348 wrote to memory of 3204	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	93
PID 4332 wrote to memory of 3796	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	94
PID 4332 wrote to memory of 3796	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	94
PID 4332 wrote to memory of 3796	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	94
PID 3348 wrote to memory of 1464	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	95
PID 3348 wrote to memory of 1464	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	95
PID 3348 wrote to memory of 1464	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	95
PID 4332 wrote to memory of 1412	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	96
PID 4332 wrote to memory of 1412	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	96
PID 4332 wrote to memory of 1412	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	96
PID 3204 wrote to memory of 4024	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	97
PID 3204 wrote to memory of 4024	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	97
PID 3204 wrote to memory of 4024	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	97
PID 3796 wrote to memory of 4496	3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	98
PID 3796 wrote to memory of 4496	3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	98
PID 3796 wrote to memory of 4496	3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	98
PID 3348 wrote to memory of 4572	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	99
PID 3348 wrote to memory of 4572	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	99
PID 3348 wrote to memory of 4572	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	99
PID 4332 wrote to memory of 5100	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	100
PID 4332 wrote to memory of 5100	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	100
PID 4332 wrote to memory of 5100	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	100
PID 3204 wrote to memory of 3144	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	101
PID 3204 wrote to memory of 3144	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	101
PID 3204 wrote to memory of 3144	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	101
PID 3796 wrote to memory of 4248	3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	102
PID 3796 wrote to memory of 4248	3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	102
PID 3796 wrote to memory of 4248	3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	102
PID 3348 wrote to memory of 3792	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	103
PID 3348 wrote to memory of 3792	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	103
PID 3348 wrote to memory of 3792	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	103
PID 3204 wrote to memory of 3632	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	105
PID 3204 wrote to memory of 3632	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	105
PID 3204 wrote to memory of 3632	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	105
PID 4332 wrote to memory of 4640	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	104
PID 4332 wrote to memory of 4640	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	104
PID 4332 wrote to memory of 4640	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	104
PID 3796 wrote to memory of 4584	3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	106
PID 3796 wrote to memory of 4584	3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	106
PID 3796 wrote to memory of 4584	3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	106
PID 3348 wrote to memory of 4408	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	107
PID 3348 wrote to memory of 4408	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	107
PID 3348 wrote to memory of 4408	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	107
PID 3204 wrote to memory of 3180	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	108
PID 3204 wrote to memory of 3180	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	108
PID 3204 wrote to memory of 3180	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	108
PID 4332 wrote to memory of 372	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	109
PID 4332 wrote to memory of 372	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	109
PID 4332 wrote to memory of 372	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	109
PID 3796 wrote to memory of 3648	3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	110
PID 3796 wrote to memory of 3648	3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	110
PID 3796 wrote to memory of 3648	3796	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	110
PID 3348 wrote to memory of 4580	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	111
PID 3348 wrote to memory of 4580	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	111
PID 3348 wrote to memory of 4580	3348	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	111
PID 3204 wrote to memory of 4364	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	112
PID 3204 wrote to memory of 4364	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	112
PID 3204 wrote to memory of 4364	3204	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	112
PID 4332 wrote to memory of 3824	4332	NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe	113

C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3348
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4332
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        6⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:13828
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:12384
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:11336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:11720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:11812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:11352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:11520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        6⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:13820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:9284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:13840
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:12108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:11288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:10852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:12624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:15000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:13380
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9980
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:13304
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:12180
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8536
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11416
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11464
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:1324
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:13432
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:12560
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11688
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:1304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11344
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11328
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:12100
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9452
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:12820
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:12400
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:15008
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11304
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:10376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:5332
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:12968
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:14968
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:9308
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:13296
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3204
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
        5⤵
        
        PID:14984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:13280
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:12188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11712
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:13288
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9116
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:12408
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11312
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:12992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11820
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11400
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8576
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11376
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8600
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11512
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:12540
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:12520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:11540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:8564
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:12612
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:13264
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:14992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:9472
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:12832
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1464
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
      4⤵
      PID:14856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:9316
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:12976
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:4572
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:9132
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:12392
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:3792
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:8784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:11696
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:4408
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:9268
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:12584
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:4580
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:8664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:11432
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:3812
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:8340
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:11320
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:2376
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:11424
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:8656
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:4548
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:11296
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:8332
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:11384
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:8592
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:2396
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:8428
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:8488
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:5204
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:9228
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:12984
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:5360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:11440
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:8648
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:5680
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:9108
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:12196
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:5788
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:8068
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:10384
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:6000
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:5940
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:11408
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:8608
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:6040
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:8156
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:11016
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:5168
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:9220
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:11392
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:868
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:9292
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:12592
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:6668
- - C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
    3⤵
    PID:14976
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:9480
- C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.14b15ffc262beb3bef4ee7baf88ba270.exe"
  2⤵
  PID:12952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling porn uncut femdom (Samantha).mpg.exe

Filesize
154KB

MD5
edce2346cec01f204b709f22b45dc190

SHA1
184c2bba3d439ec5cb1b0afc1845002814128870

SHA256
f00ecbfef0860d3dec58a2925159c05dfae322dc1f5853f0139e5a4e44bdab97

SHA512
7e758165a026bf124ed79d54dbf7fc9c992838f1131f5237e952a4b5cfe85bce98e83010d29b0a56debc34376677aa142f3690cd03fa50df45ea0d929ec5f7be

Download Submit