5e204f70de5a7d457ce9bdec93213255a4f6e4815dd03274cc36b39e362ed1fd

Analysis

max time kernel
15s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Size

1.3MB
MD5

813662f20aaa62ac87363b863de8a7e0
SHA1

4b86027e1d84307b69e311a54a29296edf3d934c
SHA256

5e204f70de5a7d457ce9bdec93213255a4f6e4815dd03274cc36b39e362ed1fd
SHA512

704b9ff93f54b34fb85e77fe530ab36773b26cb7f28a8d26830ea1615fd9057efc37cbcd659ab2aaa42e2f7cbd0a6c5cfe3099a44b9e60b1807336e406034e01
SSDEEP

24576:0sYbPwpbDG5yqEWVpkSSPGmciTOsKZM/twtUNWQF5txBtDVvEqQKkDWr+hqBjD:BYspZqEWVpkSCciTOPZMK5QFPHdyqXmm

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	813662f20aaa62ac87363b863de8a7e0_NEAS.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3196-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x000a000000023b9c-5.dat	upx
behavioral2/memory/4052-86-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3492-168-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3516-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/508-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4828-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/816-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3152-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3196-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4052-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1424-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/508-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4540-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3492-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3780-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3196-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3516-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2384-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4548-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4828-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/856-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/816-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2980-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4172-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1628-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3152-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2320-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2532-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4692-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3868-213-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1424-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4916-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1000-216-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/992-215-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2668-214-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3644-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3780-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4548-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3504-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3036-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1628-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/8-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3456-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2280-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3864-235-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3676-234-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2032-233-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4692-232-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2572-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2760-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3584-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5152-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1388-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3868-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4640-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5952-245-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3644-248-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6036-250-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5128-259-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5304-261-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/736-260-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1532-256-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2760-264-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	813662f20aaa62ac87363b863de8a7e0_NEAS.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\N:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\R:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\V:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\H:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\I:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\L:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\U:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\Y:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\B:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\G:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\K:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\T:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\W:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\X:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\Z:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\E:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\O:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\Q:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\S:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\A:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\J:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File opened (read-only)	\??\P:	813662f20aaa62ac87363b863de8a7e0_NEAS.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\malaysia nude fetish licking castration .avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore sperm uncut feet .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\System32\DriverStore\Temp\beastiality lingerie voyeur girly .avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\SysWOW64\FxsTmp\lingerie sperm girls ash girly .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\SysWOW64\IME\SHARED\gay full movie hole .rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish sperm hardcore lesbian 40+ .mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\SysWOW64\IME\SHARED\sperm licking 50+ .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\asian hardcore lesbian several models boots .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian sperm fucking hot (!) glans (Sarah).mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\SysWOW64\config\systemprofile\german handjob porn big ash .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\SysWOW64\FxsTmp\horse handjob big lady .rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\bukkake girls (Liz,Melissa).zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\horse masturbation black hairunshaved .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Templates\asian blowjob several models upskirt .mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\horse kicking hot (!) beautyfull (Kathrin,Tatjana).mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\gay catfight hotel .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\porn xxx licking nipples stockings .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lingerie lingerie uncut boobs stockings (Curtney).mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\gang bang lesbian hidden pregnant .avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\japanese trambling hardcore masturbation feet ash .rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm public .avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian lesbian sperm public upskirt (Sonja).mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\fetish kicking masturbation .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files (x86)\Google\Temp\swedish fucking nude public traffic .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files (x86)\Google\Update\Download\brasilian nude lingerie licking YEâPSè& .mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files (x86)\Microsoft\Temp\indian xxx sleeping 50+ .mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files\dotnet\shared\russian action action voyeur titts (Sonja).mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\cumshot big shoes (Sandy,Kathrin).avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\danish beastiality girls sm (Karin).mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\british lesbian big feet bedroom (Jade,Christine).mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\beastiality hot (!) .avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\swedish lingerie handjob licking glans high heels .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\indian trambling fucking sleeping (Tatjana).mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\lingerie action sleeping titts girly .rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\japanese action big swallow .mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\spanish fetish cum uncut (Liz).zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\german sperm xxx full movie nipples castration (Sonja,Sylvia).avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\african porn cumshot hidden legs gorgeoushorny (Janette,Anniston).mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\malaysia animal hot (!) black hairunshaved .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\indian sperm lesbian [bangbus] sm (Sandy).avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\porn several models (Sandy).rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\swedish bukkake licking femdom .rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\swedish action girls nipples wifey .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\CbsTemp\horse beastiality sleeping legs (Britney,Tatjana).avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\canadian trambling several models feet Ôï .rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\porn gay several models (Jenna,Liz).avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\lingerie porn [bangbus] latex .avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\kicking animal girls femdom .avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\sperm [milf] ash (Liz,Sandy).mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\canadian lesbian horse hot (!) feet stockings .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\japanese porn hidden hotel .mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\indian fucking several models beautyfull .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\lingerie girls sweet .avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\chinese porn hardcore full movie hole ejaculation (Janette).rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\beast cumshot masturbation beautyfull (Gina,Gina).mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\assembly\tmp\black beast hardcore hot (!) glans mature .avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\brasilian trambling voyeur .rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\japanese gang bang trambling full movie boots .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\cumshot animal [milf] leather .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\beast lesbian big legs hairy .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\gang bang [bangbus] circumcision .mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\norwegian action masturbation .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\gay licking feet sm .mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\gay beastiality catfight .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\gang bang blowjob voyeur ash high heels .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\danish cum voyeur traffic .rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\spanish nude kicking big Ôï .rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\beastiality beast several models pregnant (Sylvia,Tatjana).zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\african horse [milf] .avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\asian fucking porn voyeur girly .avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\spanish horse hidden wifey (Anniston).zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\malaysia hardcore porn lesbian wifey (Christine).zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\malaysia hardcore xxx several models hole .rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\beastiality kicking masturbation boobs fishy .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\canadian porn lesbian legs .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\german blowjob kicking full movie Ôï .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\british sperm bukkake [milf] titts (Tatjana,Sandy).mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\italian bukkake gay [bangbus] cock (Liz,Karin).mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\german fucking licking cock .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\horse lingerie licking mature .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\malaysia cum hardcore full movie sm .mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\asian bukkake animal hot (!) 50+ .rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\security\templates\chinese gang bang handjob girls nipples sweet (Curtney,Samantha).zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\hardcore lingerie catfight sweet .zip.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\danish hardcore catfight hole traffic (Liz).mpg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\beast bukkake lesbian YEâPSè& (Liz).rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\Downloaded Program Files\japanese fetish porn sleeping circumcision (Kathrin).mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\SoftwareDistribution\Download\kicking hidden boots .rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\japanese cumshot catfight 50+ .avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\fetish gang bang [milf] upskirt .avi.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian xxx bukkake [milf] .rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\french horse [bangbus] (Janette).rar.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\fucking several models boots .mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\cum fucking masturbation legs (Britney).mpeg.exe	813662f20aaa62ac87363b863de8a7e0_NEAS.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3516	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3516	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
2384	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
2384	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4828	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
508	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4828	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
508	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
816	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
816	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4172	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4172	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
856	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
856	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3152	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3152	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
2532	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
2532	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3516	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3516	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
2384	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
2384	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
1424	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
1424	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
508	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
508	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
2668	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
2668	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4828	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4828	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3780	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
3780	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4548	813662f20aaa62ac87363b863de8a7e0_NEAS.exe
4548	813662f20aaa62ac87363b863de8a7e0_NEAS.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 4052	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	87
PID 3196 wrote to memory of 4052	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	87
PID 3196 wrote to memory of 4052	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	87
PID 4052 wrote to memory of 3492	4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	88
PID 4052 wrote to memory of 3492	4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	88
PID 4052 wrote to memory of 3492	4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	88
PID 3196 wrote to memory of 4540	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	89
PID 3196 wrote to memory of 4540	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	89
PID 3196 wrote to memory of 4540	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	89
PID 4052 wrote to memory of 508	4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	90
PID 4052 wrote to memory of 508	4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	90
PID 4052 wrote to memory of 508	4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	90
PID 3196 wrote to memory of 3516	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	91
PID 3196 wrote to memory of 3516	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	91
PID 3196 wrote to memory of 3516	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	91
PID 3492 wrote to memory of 2384	3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	92
PID 3492 wrote to memory of 2384	3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	92
PID 3492 wrote to memory of 2384	3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	92
PID 4540 wrote to memory of 4828	4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	93
PID 4540 wrote to memory of 4828	4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	93
PID 4540 wrote to memory of 4828	4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	93
PID 3492 wrote to memory of 856	3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	95
PID 3492 wrote to memory of 856	3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	95
PID 3492 wrote to memory of 856	3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	95
PID 4052 wrote to memory of 816	4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	94
PID 4052 wrote to memory of 816	4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	94
PID 4052 wrote to memory of 816	4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	94
PID 3196 wrote to memory of 4172	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	96
PID 3196 wrote to memory of 4172	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	96
PID 3196 wrote to memory of 4172	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	96
PID 4540 wrote to memory of 3152	4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	97
PID 4540 wrote to memory of 3152	4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	97
PID 4540 wrote to memory of 3152	4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	97
PID 3516 wrote to memory of 2320	3516	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	98
PID 3516 wrote to memory of 2320	3516	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	98
PID 3516 wrote to memory of 2320	3516	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	98
PID 2384 wrote to memory of 2532	2384	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	99
PID 2384 wrote to memory of 2532	2384	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	99
PID 2384 wrote to memory of 2532	2384	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	99
PID 508 wrote to memory of 1424	508	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	100
PID 508 wrote to memory of 1424	508	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	100
PID 508 wrote to memory of 1424	508	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	100
PID 4828 wrote to memory of 2668	4828	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	101
PID 4828 wrote to memory of 2668	4828	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	101
PID 4828 wrote to memory of 2668	4828	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	101
PID 4052 wrote to memory of 3780	4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	102
PID 4052 wrote to memory of 3780	4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	102
PID 4052 wrote to memory of 3780	4052	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	102
PID 3196 wrote to memory of 8	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	103
PID 3196 wrote to memory of 8	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	103
PID 3196 wrote to memory of 8	3196	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	103
PID 3492 wrote to memory of 4548	3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	104
PID 3492 wrote to memory of 4548	3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	104
PID 3492 wrote to memory of 4548	3492	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	104
PID 816 wrote to memory of 3456	816	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	105
PID 816 wrote to memory of 3456	816	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	105
PID 816 wrote to memory of 3456	816	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	105
PID 4540 wrote to memory of 3504	4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	106
PID 4540 wrote to memory of 3504	4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	106
PID 4540 wrote to memory of 3504	4540	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	106
PID 3516 wrote to memory of 2980	3516	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	107
PID 3516 wrote to memory of 2980	3516	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	107
PID 3516 wrote to memory of 2980	3516	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	107
PID 2384 wrote to memory of 1628	2384	813662f20aaa62ac87363b863de8a7e0_NEAS.exe	108

C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4052
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        8⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        8⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        8⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        8⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        8⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:17648
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17240
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17368
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:856
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:17136
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:13444
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17344
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17384
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:16964
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:16940
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:13716
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17232
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:13784
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17128
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:508
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:736
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:16720
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:13248
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17120
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17312
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:13712
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12376
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:3044
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17184
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17144
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:13640
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17360
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17880
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:2772
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:4924
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17632
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:12432
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:17320
- C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4540
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:17088
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:64
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:19888
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:18660
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:18668
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17280
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9584
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12728
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17160
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:16956
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17208
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12232
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:8500
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17624
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12560
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17200
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:16988
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:16860
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:10368
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12148
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:1900
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:13004
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:13184
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:372
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:16684
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17608
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17224
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:7948
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:12392
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:17012
- C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3516
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    - Checks computer location settings
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        7⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:17616
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        6⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17376
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17016
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12688
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17176
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:18216
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:16672
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12036
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17032
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:4496
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:10884
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:12336
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:1708
- C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:17080
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:12112
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:16996
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:13948
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
        5⤵
        
        PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17296
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12440
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:2348
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17592
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:12652
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:17152
- C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
  2⤵
  PID:8
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:12096
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:5008
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17568
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:9964
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17600
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:12264
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:17352
- C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
  2⤵
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:17640
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:9980
  - - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
      4⤵
      PID:6948
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:12256
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:4892
- C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
  2⤵
  PID:6684
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:13076
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:16948
- C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
  2⤵
  PID:8712
- - C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
    3⤵
    PID:13788
- C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
  2⤵
  PID:12448
- C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\813662f20aaa62ac87363b863de8a7e0_NEAS.exe"
  2⤵
  PID:17272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian lesbian sperm public upskirt (Sonja).mpeg.exe

Filesize
693KB

MD5
0ac461ccd1540e9126d561098845aa5f

SHA1
9dfb729d39d1d8da2c563ae5dbdd85ea7753915c

SHA256
7f4ce27ce10d691af300786d7b866c0ce97c02411017113ce3e671d2f4d5925c

SHA512
e008792d9deb8c98505783e69bcdc233c75a9f3f989197fb739bf35ec892a624b6698eaeadfed6179b0f18e807ad1d7bbbb1deb9dd26c88b8215438b055234e4

Download Submit
C:\debug.txt

Filesize
146B

MD5
8021a7f7b0e58512e90bed60acd36bb9

SHA1
51ed2a7a78f963e94a91812a7949fc82bf53edf6

SHA256
e25969ae5c5bbe822aaeaa619e3553fb22629185f05217d14019ad9dc24a07bb

SHA512
92367168130b9d0af047f3c579b15d46a12a907a7a4b7723bd47ed780732d0b1c1d48939d4cb380eab14e91c1e8a5808e69331491090de6b6794a9f8437a8b4d

Download Submit
memory/8-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/64-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/508-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/508-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/736-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/816-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/816-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/856-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/992-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/992-215-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1000-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1000-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1388-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1388-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1424-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1424-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1532-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1628-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1628-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2032-233-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2032-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2276-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2280-272-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2280-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2320-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2384-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2532-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2572-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2668-214-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2760-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2760-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2980-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3036-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3036-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3152-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3152-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3192-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3196-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3196-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3196-302-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3196-443-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3196-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3456-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3492-168-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3492-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3504-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3516-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3516-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3584-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3584-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3644-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3644-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3676-234-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3676-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3780-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3780-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3864-235-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3868-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3868-213-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4052-86-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4052-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4172-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4408-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4540-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4548-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4548-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4640-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4692-232-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4692-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4784-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4828-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4828-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4916-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5020-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5128-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5152-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5152-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5244-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5304-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5936-289-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5944-284-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5952-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5960-283-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5968-290-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5976-291-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6008-294-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6036-293-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6036-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6108-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6116-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6124-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6288-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6296-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6556-273-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6612-281-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6644-274-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6652-282-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6660-275-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6700-292-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download