de237cb5fcd9ddad3eec1eb3719675c758722892fe0979eb1b540dc0bcc0dff4

Analysis

max time kernel
52s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
Size

918KB
MD5

449cd0af42dcd2d9bf2b3e0bf44e2000
SHA1

c942821020ba22930800e4a24f39a6611e2a0ea3
SHA256

de237cb5fcd9ddad3eec1eb3719675c758722892fe0979eb1b540dc0bcc0dff4
SHA512

61d6f8218d0ea02dbc5f3a1eb3d38caf3b61e96e463c21c37f82645823348df2ac90bd673c2d9df1cf63a68d13f8dfce72ad8ec730637b717efbc5c4fb93d2ee
SSDEEP

12288:VEQoSfqTGAZBhImCzVM9uKR+UPDJnawML/YsInbN6GCRUooCAMITJN9SUtqLqWVP:VezdCBjKoUPDgwM8ssJ6G9MIEUczl

Score

7^/10

persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/400-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/400-3-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/400-4-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/400-5-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x0007000000022ce1-8.dat	upx
behavioral2/memory/2768-12-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3568-13-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3252-14-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3560-16-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3456-17-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/400-18-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5072-19-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4656-20-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1224-21-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2768-22-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2392-23-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2132-24-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3568-26-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1944-25-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4576-27-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/224-28-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1572-29-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3252-30-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3448-31-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1904-32-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2032-33-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3560-34-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4360-35-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3456-36-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4856-37-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4808-38-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2392-39-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/440-43-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1008-42-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1880-44-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4840-41-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2368-45-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1876-46-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4576-47-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2580-50-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3532-51-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/628-54-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5164-56-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4920-53-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1572-49-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3924-48-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4908-57-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5132-59-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5200-60-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3344-58-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5264-61-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1292-62-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3420-63-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5376-70-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5156-69-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/984-68-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4360-81-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1876-89-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5404-95-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/400-96-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\I:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\L:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\U:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\V:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\K:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\N:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\O:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\S:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\G:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\R:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\W:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\X:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\M:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\P:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\Q:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\T:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\A:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\B:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\H:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\J:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\Y:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File opened (read-only)	\??\Z:	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\tyrkish action lesbian hidden .mpg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black handjob horse girls glans balls .zip.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\tyrkish cumshot beast sleeping hole .avi.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\hardcore public (Jade).mpg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american nude beast masturbation .zip.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\beast public black hairunshaved .zip.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian full movie feet .zip.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
File created	C:\Program Files\Common Files\microsoft shared\indian cum beast [bangbus] boots .mpeg.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
1224	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
1224	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2768	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2768	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2132	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
2132	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
1224	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
1224	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
3568	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
3568	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
224	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
224	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 1224	400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	93
PID 400 wrote to memory of 1224	400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	93
PID 400 wrote to memory of 1224	400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	93
PID 400 wrote to memory of 2768	400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	94
PID 400 wrote to memory of 2768	400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	94
PID 400 wrote to memory of 2768	400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	94
PID 1224 wrote to memory of 2132	1224	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	95
PID 1224 wrote to memory of 2132	1224	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	95
PID 1224 wrote to memory of 2132	1224	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	95
PID 400 wrote to memory of 3568	400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	96
PID 400 wrote to memory of 3568	400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	96
PID 400 wrote to memory of 3568	400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	96
PID 2768 wrote to memory of 224	2768	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	97
PID 2768 wrote to memory of 224	2768	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	97
PID 2768 wrote to memory of 224	2768	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	97
PID 1224 wrote to memory of 3252	1224	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	98
PID 1224 wrote to memory of 3252	1224	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	98
PID 1224 wrote to memory of 3252	1224	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	98
PID 2132 wrote to memory of 1904	2132	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	99
PID 2132 wrote to memory of 1904	2132	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	99
PID 2132 wrote to memory of 1904	2132	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	99
PID 400 wrote to memory of 3560	400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	100
PID 400 wrote to memory of 3560	400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	100
PID 400 wrote to memory of 3560	400	NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe	100

C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:400
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1224
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        7⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:10052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:9164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:12136
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:10804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:10820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:11900
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:11916
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:9848
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:11908
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:9612
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:11504
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:7988
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:9812
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        6⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:12068
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:2020
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:11924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:10840
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8520
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:11132
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:9380
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:11360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:7576
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:10156
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:10356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:12152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:10812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:7312
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:9604
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:11172
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:3964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8852
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:11352
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:7840
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:1380
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  PID:3560
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
        5⤵
        
        PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:8012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:10968
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:9272
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:9472
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:10496
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:7716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:3656
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  PID:3448
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
      4⤵
      PID:11368
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:7828
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:3016
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:8332
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:11156
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  PID:5448
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:9328
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  PID:5656
- - C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
    3⤵
    PID:10640
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  PID:7544
- C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.449cd0af42dcd2d9bf2b3e0bf44e2000.exe"
  2⤵
  PID:10192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\tyrkish cumshot beast sleeping hole .avi.exe

Filesize
1.3MB

MD5
f171fca656a843c7e272415b79644cc3

SHA1
58aed519218a5efa002da3508f489dfc3b569bf3

SHA256
4b9825a313bf6ab6d3b5224d3a596a56848a6ab47670ebbd7ece0420b59e3215

SHA512
ab1d694fcef13c6cc2d3f9d437451b6163d9f95606b19fccb7f7a1747a1e02ca9ff8b0922585100796991c21c6fce2482f33b8921ff5324f6af409cf60a319c1

Download Submit
memory/224-28-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/400-18-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/400-96-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/400-4-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/400-3-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/400-5-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/400-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/440-43-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/628-54-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/984-68-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1008-42-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1224-21-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1292-62-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1572-49-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1572-29-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1876-46-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1876-89-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1880-44-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1904-32-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1944-25-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2032-33-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2132-24-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2368-45-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2392-39-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2392-23-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2580-50-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2768-12-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2768-22-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3252-14-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3252-30-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3344-58-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3420-63-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3448-31-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3456-17-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3456-36-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3532-51-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3560-16-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3560-34-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3568-26-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3568-13-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3924-48-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4360-35-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4360-81-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4576-27-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4576-47-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4656-20-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4808-38-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4840-41-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4856-37-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4908-57-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4920-53-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5072-19-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5132-59-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5156-69-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5164-56-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5200-60-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5264-61-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5376-70-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5404-95-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download