5912b08ffe9de649d005af08c3c8580c9d16ecba2c0c537713dd4f74e773580c

Analysis

max time kernel
21s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
11-11-2023 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.9675a2c72edf887e6cc741ea36d99370.exe
Size

202KB
MD5

9675a2c72edf887e6cc741ea36d99370
SHA1

2f4d876d8a60a510f3db248a7297c379ac3abe4c
SHA256

5912b08ffe9de649d005af08c3c8580c9d16ecba2c0c537713dd4f74e773580c
SHA512

7833d5ea8b70c618be9be79fc32b317b5084d0550c2939246216f08fd6fa877557697ac09744abc81046f60a6f61609b965f8baaf77cebd8f10af0a04eb75c97
SSDEEP

6144:A//ICMmDRxs3NBR4SiYC5bc+Ys9s06r6hskHx9:A//vi9BWlYCbHLse7

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.9675a2c72edf887e6cc741ea36d99370.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.9675a2c72edf887e6cc741ea36d99370.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\G:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\I:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\M:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\N:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\Q:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\T:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\W:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\X:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\Z:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\H:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\J:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\R:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\S:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\P:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\U:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\A:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\B:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\E:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\K:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\L:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\O:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File opened (read-only)	\??\V:	NEAS.9675a2c72edf887e6cc741ea36d99370.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese handjob hardcore big pregnant .avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\sperm licking 40+ .zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\lesbian big stockings (Anniston,Jade).mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian [milf] feet .zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\chinese lesbian masturbation hairy .zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Google\Temp\black fetish blowjob sleeping hole traffic .zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\swedish cumshot xxx [bangbus] .mpg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Microsoft\Temp\japanese handjob hardcore full movie black hairunshaved (Sonja,Sylvia).mpeg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black horse horse sleeping 50+ .rar.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\gay hot (!) feet fishy .rar.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian action xxx [free] hole penetration .zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files\Common Files\microsoft shared\swedish horse gay [bangbus] titts young (Sarah).mpeg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files\Microsoft Office\root\Templates\tyrkish kicking lingerie [bangbus] cock .mpeg.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish action bukkake voyeur hole shoes (Sarah).zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\american gang bang blowjob sleeping glans sweet .rar.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\trambling girls .zip.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish cum beast lesbian .avi.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.9675a2c72edf887e6cc741ea36d99370.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
3112	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
3112	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2376	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2376	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2504	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2504	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
3112	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
3112	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2728	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2728	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
208	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
208	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2376	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2376	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2840	NEAS.9675a2c72edf887e6cc741ea36d99370.exe
2840	NEAS.9675a2c72edf887e6cc741ea36d99370.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 3112	1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	92
PID 1992 wrote to memory of 3112	1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	92
PID 1992 wrote to memory of 3112	1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	92
PID 1992 wrote to memory of 2376	1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	93
PID 1992 wrote to memory of 2376	1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	93
PID 1992 wrote to memory of 2376	1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	93
PID 3112 wrote to memory of 2504	3112	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	94
PID 3112 wrote to memory of 2504	3112	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	94
PID 3112 wrote to memory of 2504	3112	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	94
PID 1992 wrote to memory of 2728	1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	95
PID 1992 wrote to memory of 2728	1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	95
PID 1992 wrote to memory of 2728	1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	95
PID 2376 wrote to memory of 208	2376	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	96
PID 2376 wrote to memory of 208	2376	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	96
PID 2376 wrote to memory of 208	2376	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	96
PID 3112 wrote to memory of 2840	3112	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	97
PID 3112 wrote to memory of 2840	3112	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	97
PID 3112 wrote to memory of 2840	3112	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	97
PID 2504 wrote to memory of 2656	2504	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	98
PID 2504 wrote to memory of 2656	2504	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	98
PID 2504 wrote to memory of 2656	2504	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	98
PID 1992 wrote to memory of 3556	1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	99
PID 1992 wrote to memory of 3556	1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	99
PID 1992 wrote to memory of 3556	1992	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	99
PID 2376 wrote to memory of 4876	2376	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	100
PID 2376 wrote to memory of 4876	2376	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	100
PID 2376 wrote to memory of 4876	2376	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	100
PID 2728 wrote to memory of 1388	2728	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	101
PID 2728 wrote to memory of 1388	2728	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	101
PID 2728 wrote to memory of 1388	2728	NEAS.9675a2c72edf887e6cc741ea36d99370.exe	101

C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3112
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:12856
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:13628
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:13276
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:11024
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:10980
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:13008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:8528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:12100
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:4188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:11320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:3964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:9888
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:13284
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2376
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        7⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:13052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:9356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:10404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5632
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:9188
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:14328
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:13800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:2832
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:10696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:11176
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:9004
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:9440
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:9140
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:2880
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        6⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:11536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:10040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:13572
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:11440
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:8148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:2520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:11040
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:14320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:9148
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:11020
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  PID:3556
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
        5⤵
        
        PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:8880
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:11812
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:8120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:10852
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:10016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:8564
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:14068
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:9364
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:12392
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  PID:1944
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:13164
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
      4⤵
      PID:12016
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:8288
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:11032
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  PID:5096
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:7944
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:10312
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:14200
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  PID:5804
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:9720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:13268
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  PID:6968
- - C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
    3⤵
    PID:8380
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  PID:8888
- C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.9675a2c72edf887e6cc741ea36d99370.exe"
  2⤵
  PID:11984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\american gang bang blowjob sleeping glans sweet .rar.exe

Filesize
1.8MB

MD5
3fd7a8cb5eaa7ec3303db707d28897e9

SHA1
799f2f8f284686fce9bf44153105977cfe72676d

SHA256
d2e7c5152d732aa50a142d395d047dc7e3de9d7af5e8a60708f2000363f848ac

SHA512
83873f2edae04fb72659f3e332f68944f6455345ebcca45f7458ae9b23d413dc939c76fd3da01eb34fdbba1f63212e4bcb6b5dc94388c173983291a34da0419e

Download Submit