27162233bfe529fe8db104ff62039567039ee88f0515799228b8d918525a30de

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

955e828373b28124e1f551b79d9a2bb0_NEAS.exe
Size

1.7MB
MD5

955e828373b28124e1f551b79d9a2bb0
SHA1

5c06092b8253f0a63ebeb0af881556297debcfc0
SHA256

27162233bfe529fe8db104ff62039567039ee88f0515799228b8d918525a30de
SHA512

f8ff4298a12848e607cea4d1c50498ffc334b25efd798f10c00fa541707c5690882cd9069acb4a4ecf38aeaf9828b24e2f987655f63379dc6d50d4b9e903d9ad
SSDEEP

49152:XZ62sPN45Ka8zGwt+sd1J7nRFt+TW6lZskef52Ws:X45yKjRdPRzv6lJG9s

Score

7^/10

persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	955e828373b28124e1f551b79d9a2bb0_NEAS.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5080-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x0007000000023244-5.dat	upx
behavioral2/memory/4380-9-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4372-12-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4168-13-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2444-14-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3916-15-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5064-16-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/940-18-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5080-17-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2224-19-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3224-21-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1672-20-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4380-23-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4100-22-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2892-24-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4372-25-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2344-26-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4944-29-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4784-28-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4168-27-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2384-31-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2444-30-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3904-33-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3916-32-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3564-35-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5064-34-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/372-37-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/940-36-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2224-38-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2876-39-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4432-47-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2892-46-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1048-44-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4100-43-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2692-42-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3224-41-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1672-40-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2572-51-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3352-50-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1076-49-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2344-48-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4580-55-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3876-57-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2384-56-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4944-54-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4784-53-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4400-60-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2036-59-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3904-58-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/372-63-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1908-62-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3564-61-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5040-64-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/8-66-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2876-65-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2692-69-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1048-78-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5228-77-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5216-76-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5208-75-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5188-74-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5180-73-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5168-72-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	955e828373b28124e1f551b79d9a2bb0_NEAS.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\K:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\O:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\P:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\Q:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\B:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\G:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\H:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\Z:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\Y:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\E:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\L:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\T:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\S:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\W:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\M:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\N:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\R:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\V:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\X:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\A:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\J:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File opened (read-only)	\??\U:	955e828373b28124e1f551b79d9a2bb0_NEAS.exe

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\blowjob girls .mpeg.exe	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\blowjob sleeping shoes .rar.exe	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\sperm beastiality licking YEâPSè& .mpg.exe	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File created	C:\Program Files\dotnet\shared\trambling [bangbus] blondie .mpeg.exe	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Templates\lesbian uncut granny (Christine,Kathrin).mpg.exe	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\hardcore lingerie hot (!) nipples black hairunshaved .avi.exe	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\lingerie full movie boobs (Christine,Sonja).mpg.exe	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beastiality lesbian glans .mpeg.exe	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\canadian fucking full movie nipples blondie .avi.exe	955e828373b28124e1f551b79d9a2bb0_NEAS.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	955e828373b28124e1f551b79d9a2bb0_NEAS.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
4380	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
4380	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
4372	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
4372	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
4168	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
4168	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
4380	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
4380	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
2444	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
2444	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
3916	955e828373b28124e1f551b79d9a2bb0_NEAS.exe
3916	955e828373b28124e1f551b79d9a2bb0_NEAS.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 4380	5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	90
PID 5080 wrote to memory of 4380	5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	90
PID 5080 wrote to memory of 4380	5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	90
PID 5080 wrote to memory of 4372	5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	91
PID 5080 wrote to memory of 4372	5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	91
PID 5080 wrote to memory of 4372	5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	91
PID 4380 wrote to memory of 4168	4380	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	92
PID 4380 wrote to memory of 4168	4380	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	92
PID 4380 wrote to memory of 4168	4380	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	92
PID 5080 wrote to memory of 2444	5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	93
PID 5080 wrote to memory of 2444	5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	93
PID 5080 wrote to memory of 2444	5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	93
PID 4380 wrote to memory of 3916	4380	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	94
PID 4380 wrote to memory of 3916	4380	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	94
PID 4380 wrote to memory of 3916	4380	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	94
PID 4372 wrote to memory of 5064	4372	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	95
PID 4372 wrote to memory of 5064	4372	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	95
PID 4372 wrote to memory of 5064	4372	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	95
PID 4168 wrote to memory of 940	4168	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	96
PID 4168 wrote to memory of 940	4168	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	96
PID 4168 wrote to memory of 940	4168	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	96
PID 5080 wrote to memory of 2224	5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	97
PID 5080 wrote to memory of 2224	5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	97
PID 5080 wrote to memory of 2224	5080	955e828373b28124e1f551b79d9a2bb0_NEAS.exe	97

C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4380
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        7⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        7⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        7⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        7⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        7⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        7⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:444
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:12560
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:616
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:13000
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:10368
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:10348
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:11480
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:372
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:4788
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:12952
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:4752
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:7420
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:4448
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:12028
- C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4372
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:8
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        6⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:11528
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:11092
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:7908
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:10648
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:12480
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:12980
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:11512
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:8100
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:10340
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:10864
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:11316
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:7412
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:9384
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:12568
- C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:12052
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:10980
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:11536
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:5888
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:7320
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:6512
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:8884
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:11980
- C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
  2⤵
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
        5⤵
        
        PID:10332
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:8288
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:7936
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:6740
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:10356
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:6580
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:2064
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:8568
- C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
  2⤵
  PID:2384
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
      4⤵
      PID:8908
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:5724
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:8144
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:11520
- C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
  2⤵
  PID:2036
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:7772
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:9756
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:12988
- C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
  2⤵
  PID:5604
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:9852
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:9548
- C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
  2⤵
  PID:6620
- - C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
    3⤵
    PID:4224
- C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
  2⤵
  PID:8428
- C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\955e828373b28124e1f551b79d9a2bb0_NEAS.exe"
  2⤵
  PID:11108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4220 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:8668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\hardcore lingerie hot (!) nipples black hairunshaved .avi.exe

Filesize
1.0MB

MD5
5cc4847d731af9de339093f1289406c2

SHA1
7e6386f6b51800da046c2b0e970cd78560f5600a

SHA256
f747635fda4ab0dbdd5e2ebab1a09844e5c9ba5ce4eec6314e14ca16b6e2836c

SHA512
42e16df388e457adf784ab6a3ac7e300ee808822983fdbe072c43fc873d5bb3a422b9491908494a498f6e26946ade9ac0cbec7ebeff9f8b7bf2582bdc17cfcca

Download Submit
memory/8-66-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/8-127-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/372-63-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/372-37-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/940-36-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/940-18-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1048-78-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1048-44-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1076-49-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1076-90-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1672-20-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1672-40-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1680-126-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1908-117-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1908-62-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2036-59-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2036-111-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2224-19-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2224-38-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2344-26-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2344-48-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2384-56-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2384-31-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2444-14-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2444-30-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2572-51-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2572-92-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2692-42-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2692-69-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2876-39-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2876-65-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2892-24-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2892-46-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3224-41-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3224-21-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3352-91-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3352-50-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3564-35-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3564-61-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3876-57-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3876-101-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3904-58-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3904-33-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3916-32-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3916-15-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4100-43-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4100-22-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4168-27-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4168-13-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4372-12-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4372-25-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4380-9-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4380-23-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4400-60-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4400-112-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4432-84-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4432-47-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4580-55-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4580-94-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4784-28-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4784-53-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4944-29-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4944-54-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5040-123-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5040-64-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5064-34-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5064-16-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5080-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5080-17-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5140-70-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5148-71-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5168-72-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5180-73-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5188-74-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5208-75-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5216-76-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5228-77-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5604-85-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5616-86-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5624-87-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5636-93-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5644-88-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5652-95-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5664-89-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5948-105-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6024-109-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6032-106-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6040-110-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6052-107-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6060-108-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6116-113-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6260-118-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6276-120-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6284-121-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6308-122-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6332-119-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download