ac294ca706565681e0392884db4a8fa2d526c988740cc557fa751e150fe6e59a

Analysis

max time kernel
141s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
Size

853KB
MD5

e272f9634d827c13c29fba9e09bb0fd0
SHA1

56b8112c74662f95aaafb84a49018323ae5d6adb
SHA256

ac294ca706565681e0392884db4a8fa2d526c988740cc557fa751e150fe6e59a
SHA512

945fe34a1ae26bb694de25a08f037b552ac8c16d83b083ceb9e40b5f1304f6c92723eb3070d700c3b63bc799debe081fd3f411f0b0afba7df0aa9f3b66d84d48
SSDEEP

24576:2wzuQE6GScWQVMAHiksdAAZTCHIW+DZapYqT2o:hJE6I6+HkMT2o

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\G:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\O:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\P:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\W:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\Y:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\E:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\S:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\T:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\V:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\X:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\B:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\I:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\J:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\Q:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\Z:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\H:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\K:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\L:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\M:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\N:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\R:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File opened (read-only)	\??\U:	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lesbian voyeur .avi.exe	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\canadian beastiality several models .zip.exe	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\xxx horse masturbation legs femdom (Sonja,Sonja).avi.exe	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\gay handjob hot (!) fishy .mpg.exe	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\swedish fetish cum masturbation 50+ .mpeg.exe	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian xxx nude [bangbus] mistress .zip.exe	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File created	C:\Program Files\Common Files\microsoft shared\swedish lesbian horse girls boobs YEâPSè& (Jade,Janette).avi.exe	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
File created	C:\Program Files\Microsoft Office\root\Templates\trambling lingerie voyeur feet .mpeg.exe	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
2280	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
2280	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
4804	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
4804	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
2608	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
2608	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
5048	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
5048	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 3360	3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	104
PID 3976 wrote to memory of 3360	3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	104
PID 3976 wrote to memory of 3360	3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	104
PID 3976 wrote to memory of 2280	3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	106
PID 3976 wrote to memory of 2280	3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	106
PID 3976 wrote to memory of 2280	3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	106
PID 3360 wrote to memory of 4804	3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	107
PID 3360 wrote to memory of 4804	3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	107
PID 3360 wrote to memory of 4804	3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	107
PID 3976 wrote to memory of 2608	3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	108
PID 3976 wrote to memory of 2608	3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	108
PID 3976 wrote to memory of 2608	3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	108
PID 3360 wrote to memory of 5048	3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	109
PID 3360 wrote to memory of 5048	3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	109
PID 3360 wrote to memory of 5048	3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	109
PID 3976 wrote to memory of 3328	3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	111
PID 3976 wrote to memory of 3328	3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	111
PID 3976 wrote to memory of 3328	3976	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	111
PID 3360 wrote to memory of 2484	3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	112
PID 3360 wrote to memory of 2484	3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	112
PID 3360 wrote to memory of 2484	3360	NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe	112

C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        6⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        6⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        6⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:7440
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:3812
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        6⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        6⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:9476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:9264
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        6⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        6⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:468
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:9524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:8508
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:8020
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:8096
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:6364
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:7824
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:9464
- C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:7992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:9316
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:9376
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:6008
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:7688
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:9256
- C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2608
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:8964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:8080
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:8656
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:7832
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:6088
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:7464
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:9224
- C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
  2⤵
  PID:3328
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
        5⤵
        
        PID:636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:9284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:3928
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:5620
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:6520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:7940
- C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
  2⤵
  PID:2408
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:9232
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
      4⤵
      PID:9276
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:6988
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:8548
- C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
  2⤵
  PID:4816
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:4424
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:7524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:9292
- C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
  2⤵
  PID:5436
- - C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
    3⤵
    PID:648
- C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
  2⤵
  PID:6444
- C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
  2⤵
  PID:7868
- C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.e272f9634d827c13c29fba9e09bb0fd0.exe"
  2⤵
  PID:9248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\xxx horse masturbation legs femdom (Sonja,Sonja).avi.exe

Filesize
647KB

MD5
a1fca16ad4d9f79ea2ab9c76cadf45f7

SHA1
a94f6936b4090d15a769b82a80aaef02b7e9825e

SHA256
dffd65070493cb90e08eccfc1736c5e16fdf1a460cb88b3eb2e51d3b3cb4b1b8

SHA512
1bb51db3fb1da937db58d83b3c7ecbbd6cf5f83867e337ed0b80ed7f3ce13cae422333f61182be8f9a5afced01196ce5072f8d6130ff277cd530ecfd7ca14ed9

Download Submit