42c3dada3db56a22688a3d6e0c44290f8d3213f2b623293009d59c37de3bf69e

Analysis

max time kernel
15s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
Size

1.5MB
MD5

1d7b56c942dc26f79b6bfc9365c0ff40
SHA1

7e04f04e2a3dc56a9d93a23ecbe3455fdaa09593
SHA256

42c3dada3db56a22688a3d6e0c44290f8d3213f2b623293009d59c37de3bf69e
SHA512

b12f5a12f0fc987a9b5bf29c0ff77b36cb1f99bf17c67e50a409561864a88f052a145701544db1bca6079ca7eb3cd3980368853dcec9d3b3b8aed22f0be7b4e1
SSDEEP

24576:oWfKIzIE9IL9Mo8q+hvDKEyL7u9oUG+A8FwMnLd7P496mxwhRuP3dNbno+w6qLsG:VfH49TZ+RDkfu9oF+/ZmahREnbfwDWzG

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\L:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\N:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\P:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\E:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\J:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\K:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\Q:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\R:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\S:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\A:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\M:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\O:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\T:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\U:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\V:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\B:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\H:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\W:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\X:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\Y:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\Z:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File opened (read-only)	\??\G:	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\asian beastiality sleeping traffic .mpg.exe	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\british horse horse voyeur .mpeg.exe	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\indian beast hidden traffic (Ashley,Liz).zip.exe	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\african kicking cum hidden YEâPSè& .rar.exe	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\porn beast hot (!) boobs (Melissa).mpg.exe	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\spanish fucking hardcore voyeur balls (Jenna).zip.exe	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\canadian hardcore hot (!) (Britney,Ashley).zip.exe	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\african sperm girls beautyfull .avi.exe	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File created	C:\Program Files\Common Files\microsoft shared\russian sperm girls mature .zip.exe	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
File created	C:\Program Files\Microsoft Office\root\Templates\fucking hidden high heels .zip.exe	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
1340	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
1340	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
4400	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
4400	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
3688	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
3688	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
1340	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
1340	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 1340	2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	94
PID 2232 wrote to memory of 1340	2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	94
PID 2232 wrote to memory of 1340	2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	94
PID 2232 wrote to memory of 4400	2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	95
PID 2232 wrote to memory of 4400	2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	95
PID 2232 wrote to memory of 4400	2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	95
PID 1340 wrote to memory of 3688	1340	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	96
PID 1340 wrote to memory of 3688	1340	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	96
PID 1340 wrote to memory of 3688	1340	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	96
PID 2232 wrote to memory of 4240	2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	97
PID 2232 wrote to memory of 4240	2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	97
PID 2232 wrote to memory of 4240	2232	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	97
PID 1340 wrote to memory of 3448	1340	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	98
PID 1340 wrote to memory of 3448	1340	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	98
PID 1340 wrote to memory of 3448	1340	NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe	98

C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1340
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        7⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        7⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        7⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:11008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:10956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:11172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:552
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:10416
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:12156
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:11412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:11280
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:8196
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:9476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:8828
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:11324
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:12260
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:9592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:6300
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:12740
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:8784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:11300
- C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:8720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:10964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:9336
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:11036
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:8876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:11332
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:9856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:8444
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:10940
- C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
  2⤵
  PID:4240
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        6⤵
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:11316
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:10456
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:208
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:11308
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:10484
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:10932
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:7720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:9560
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:12144
- C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
  2⤵
  PID:4492
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
        5⤵
        
        PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:11272
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:10652
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:9708
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:1896
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:7196
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:8676
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:11340
- C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
  2⤵
  PID:4208
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:6500
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
      4⤵
      PID:12732
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:8472
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:10976
- C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
  2⤵
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:7484
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:3992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:12124
- C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
  2⤵
  PID:5892
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:9716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:9612
- C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
  2⤵
  PID:6912
- - C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
    3⤵
    PID:12452
- C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
  2⤵
  PID:8624
- C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.1d7b56c942dc26f79b6bfc9365c0ff40.exe"
  2⤵
  PID:1032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\porn beast hot (!) boobs (Melissa).mpg.exe

Filesize
1.1MB

MD5
e4e08cdd6a9c02cb4e5896cfd278a752

SHA1
fdb9c286b64e4568a0bde1e872fc8f9a612e87e7

SHA256
964d09833c10a83ec8eef26264d25f89834c3338681e8677159e59ae2520c2f0

SHA512
7212f9b5dd21916abb36cdfb64eba8d9f43d856badd679766b177d88fb4573925378df0c3508f25386706af47dc268779b0cef72f664e78bbf48d32c5469c16f

Download Submit