0d0ef361ecfab91d0c2b9ee60d0971d4f755b7bd041f9351d06dd312b6b6761c

Analysis

max time kernel
31s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
Size

399KB
MD5

2beaa9b90baea56ab1a36677099a70c0
SHA1

1223afed4bc1588d1115e4d859eaa796ee76491f
SHA256

0d0ef361ecfab91d0c2b9ee60d0971d4f755b7bd041f9351d06dd312b6b6761c
SHA512

6fb2dfebde43be6f33bd51d0bf3a48fb95c283298d6cfc7c4659bbb2bcc67665c60c7bc19c5940ee59c41c5482ce8d50f527d6e71eec8dc0f118c3fc55806c37
SSDEEP

6144:dXC4vgmhbIxs3NBR6Eg3ZFzd7Y9/fLoJM8EmfaRl2eCRA1NIFHcx4whn5EOzhRLL:dXCNi9BgdzabMA8eCRWQGZ5EONRcc

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 11 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\T:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\Z:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\G:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\I:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\K:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\U:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\E:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\H:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\Q:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\P:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\W:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\X:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\Y:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\A:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\N:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\O:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\R:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\S:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\V:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\B:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\J:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File opened (read-only)	\??\M:	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\trambling cumshot sleeping redhair .mpeg.exe	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\norwegian fucking hot (!) (Gina,Ashley).mpg.exe	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\action masturbation .mpg.exe	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\beast hidden lady (Sonja).avi.exe	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\blowjob uncut castration .rar.exe	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\british lesbian beast full movie (Karin).rar.exe	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File created	C:\Program Files\Common Files\microsoft shared\japanese horse handjob public vagina .mpeg.exe	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File created	C:\Program Files\Microsoft Office\root\Templates\cum kicking public 50+ .zip.exe	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian bukkake several models hotel .avi.exe	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\cumshot gang bang uncut .avi.exe	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\xxx [free] .mpeg.exe	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\nude hot (!) hole .avi.exe	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1196	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1196	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1508	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1508	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
2716	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
2716	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3164	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3164	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
824	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
824	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1196	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1196	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
2924	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
2924	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1284	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1284	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1520	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1520	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
2584	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
2584	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
4704	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
4704	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1508	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1508	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1196	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1196	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
4688	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
4688	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1920	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
1920	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3848	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3848	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
2716	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
2716	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3164	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
3164	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
824	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
824	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 1760	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	91
PID 3476 wrote to memory of 1760	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	91
PID 3476 wrote to memory of 1760	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	91
PID 3476 wrote to memory of 4960	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	92
PID 3476 wrote to memory of 4960	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	92
PID 3476 wrote to memory of 4960	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	92
PID 1760 wrote to memory of 1196	1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	93
PID 1760 wrote to memory of 1196	1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	93
PID 1760 wrote to memory of 1196	1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	93
PID 3476 wrote to memory of 1508	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	96
PID 3476 wrote to memory of 1508	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	96
PID 3476 wrote to memory of 1508	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	96
PID 4960 wrote to memory of 2716	4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	97
PID 4960 wrote to memory of 2716	4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	97
PID 4960 wrote to memory of 2716	4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	97
PID 1760 wrote to memory of 3164	1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	98
PID 1760 wrote to memory of 3164	1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	98
PID 1760 wrote to memory of 3164	1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	98
PID 1196 wrote to memory of 824	1196	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	99
PID 1196 wrote to memory of 824	1196	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	99
PID 1196 wrote to memory of 824	1196	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	99
PID 3476 wrote to memory of 2924	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	100
PID 3476 wrote to memory of 2924	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	100
PID 3476 wrote to memory of 2924	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	100
PID 4960 wrote to memory of 1284	4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	101
PID 4960 wrote to memory of 1284	4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	101
PID 4960 wrote to memory of 1284	4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	101
PID 1760 wrote to memory of 1520	1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	102
PID 1760 wrote to memory of 1520	1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	102
PID 1760 wrote to memory of 1520	1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	102
PID 1508 wrote to memory of 4704	1508	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	103
PID 1508 wrote to memory of 4704	1508	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	103
PID 1508 wrote to memory of 4704	1508	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	103
PID 1196 wrote to memory of 2584	1196	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	104
PID 1196 wrote to memory of 2584	1196	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	104
PID 1196 wrote to memory of 2584	1196	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	104
PID 2716 wrote to memory of 4688	2716	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	105
PID 2716 wrote to memory of 4688	2716	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	105
PID 2716 wrote to memory of 4688	2716	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	105
PID 3164 wrote to memory of 1920	3164	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	106
PID 3164 wrote to memory of 1920	3164	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	106
PID 3164 wrote to memory of 1920	3164	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	106
PID 824 wrote to memory of 3848	824	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	107
PID 824 wrote to memory of 3848	824	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	107
PID 824 wrote to memory of 3848	824	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	107
PID 3476 wrote to memory of 2284	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	108
PID 3476 wrote to memory of 2284	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	108
PID 3476 wrote to memory of 2284	3476	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	108
PID 2924 wrote to memory of 4068	2924	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	109
PID 2924 wrote to memory of 4068	2924	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	109
PID 2924 wrote to memory of 4068	2924	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	109
PID 4960 wrote to memory of 2980	4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	111
PID 4960 wrote to memory of 2980	4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	111
PID 4960 wrote to memory of 2980	4960	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	111
PID 1760 wrote to memory of 4016	1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	110
PID 1760 wrote to memory of 4016	1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	110
PID 1760 wrote to memory of 4016	1760	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	110
PID 1284 wrote to memory of 2852	1284	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	112
PID 1284 wrote to memory of 2852	1284	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	112
PID 1284 wrote to memory of 2852	1284	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	112
PID 1508 wrote to memory of 4280	1508	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	113
PID 1508 wrote to memory of 4280	1508	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	113
PID 1508 wrote to memory of 4280	1508	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	113
PID 1196 wrote to memory of 216	1196	NEAS.2beaa9b90baea56ab1a36677099a70c0.exe	115

C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        8⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        8⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        8⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:16044
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:19720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:19036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:15256
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:19488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:19084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:17488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:19520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:19060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:18460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:19496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:17472
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:11516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:14976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:16512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:19052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:11556
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:19204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:19704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:19068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:19196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15736
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:12184
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:17424
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:19480
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:15828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:18964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:8892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15304
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:19504
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15844
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15744
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:5224
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:4944
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15948
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15980
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:9096
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:11196
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:15320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:19696
- C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4960
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:15940
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        7⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:11548
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:15836
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:16604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:14464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:19528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:19076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15672
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:19740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:16036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:11756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:12688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15876
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:14792
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:16084
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:12276
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:12068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15680
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:19212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:11228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15248
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:19712
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:9492
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:5968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:11760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:4268
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:9120
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:11564
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:15656
- C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1508
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:18972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:17432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        6⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:19028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:12052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15728
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:17464
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15868
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:11380
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:5360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:19020
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:18380
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:19092
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:10360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:14508
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:9428
- C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
        5⤵
        
        PID:17448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:17416
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:14408
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:14760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:1904
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:16092
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15752
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:8380
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:9656
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:12672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:15804
- C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
  2⤵
  PID:2284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:15964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:14800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:5108
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:19044
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:8924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
      4⤵
      PID:9504
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:1960
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:15312
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:19512
- C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
  2⤵
  PID:5176
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:14776
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:428
- C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
  2⤵
  PID:5320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:7460
- C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
  2⤵
  PID:5960
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:17480
- C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
  2⤵
  PID:6212
- - C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
    3⤵
    PID:11628
- C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
  2⤵
  PID:8120
- C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
  2⤵
  PID:12236
- C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.2beaa9b90baea56ab1a36677099a70c0.exe"
  2⤵
  PID:15712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian bukkake several models hotel .avi.exe

Filesize
1.4MB

MD5
5ddef9dd265336c9b23fe6e8e22037a5

SHA1
28ad3432ef4e6643037dbe808863aabe557b26d5

SHA256
4ab550ccc5e84c364cc52f53a6bc1a14a97bc435ef08f600bdacf7accdfff949

SHA512
24286d4599462dac0bb71d1b850033f53eba4ce7f4e2d46cf3e25d831293a99c40f1917896ffe52ed6cf88ddb56e8b09c21f57332b72e2e3ecfb2889a45c13dd

Download Submit