60c2175075ae4d393d0a701b14fae84083f45012dfc4ae68e4184d51d7a5bb74

Analysis

max time kernel
16s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Size

413KB
MD5

b7e34a56856a40dd93dd608f871dfed0
SHA1

4acb5fa92274cc1338f1e580a1db6f7d5956e3e3
SHA256

60c2175075ae4d393d0a701b14fae84083f45012dfc4ae68e4184d51d7a5bb74
SHA512

2129f6e26264696a1f56c26144c3f81c777e88787accd0234c4b43cd9088e0d12214be6ed8b1517143d2f65c6768f1fd9eea952449bfac70f833acc4f4617330
SSDEEP

6144:dXC4vgmhbIxs3NBBX3G/gqKXa+nuVOpPnmv4WlsHvnjAfgsS1OYnHlaqAhPrq:dXCNi9Bdwgq0aZOZ3WWPSVwDlaqAhu

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\U:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\X:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\I:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\R:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\S:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\W:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\G:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\J:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\Q:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\K:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\M:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\O:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\P:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\Y:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\B:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\E:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\H:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\Z:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\V:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\A:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\L:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File opened (read-only)	\??\N:	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\lingerie voyeur .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\SysWOW64\IME\SHARED\danish kicking blowjob catfight bondage .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\blowjob voyeur (Janette).mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese beastiality lingerie catfight feet .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\trambling uncut hole .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\SysWOW64\config\systemprofile\russian fetish lesbian uncut ejaculation .mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish action xxx masturbation titts femdom .mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\SysWOW64\IME\SHARED\sperm [free] ejaculation .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian nude lesbian uncut castration .avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black handjob trambling [milf] (Liz).zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\System32\DriverStore\Temp\lesbian [free] cock .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\gay girls (Samantha).zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse masturbation sweet .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\danish action sperm uncut glans .mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files (x86)\Google\Temp\blowjob big sweet .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files (x86)\Google\Update\Download\swedish cumshot lesbian lesbian glans upskirt .avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\danish gang bang hardcore sleeping hole .avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\swedish nude hardcore masturbation feet (Sandy,Karin).zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Templates\american animal beast hidden feet .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian nude sperm girls titts .avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\russian nude xxx masturbation beautyfull .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\brasilian horse trambling full movie feet stockings .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish handjob trambling big wifey .mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\trambling [milf] stockings (Anniston,Sarah).zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\cum sperm hot (!) feet penetration .mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\italian beastiality horse catfight fishy .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files\dotnet\shared\danish action lesbian full movie gorgeoushorny (Christine,Melissa).rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\beast catfight titts .mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\blowjob several models pregnant .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\tyrkish beastiality gay hot (!) wifey .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\indian horse xxx lesbian cock .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\swedish animal horse [bangbus] hole lady (Sarah).zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\black action sperm hidden feet .mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\asian xxx big titts penetration .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\french lingerie public lady (Sandy,Karin).mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\brasilian beastiality bukkake uncut stockings (Christine,Liz).rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\handjob sperm public titts shoes .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\italian beastiality hardcore several models titts ejaculation .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\swedish horse bukkake big blondie (Christine,Karin).avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\assembly\tmp\russian gang bang bukkake public shower .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\animal bukkake voyeur penetration .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\spanish fucking full movie feet .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\kicking trambling hidden .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\tyrkish kicking beast licking glans sm .mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\swedish animal sperm voyeur .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish handjob beast [milf] .mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\indian fetish fucking [bangbus] YEâPSè& .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\gang bang trambling full movie balls (Anniston,Sarah).rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\horse beast big stockings .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\japanese nude lingerie hidden latex .avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\kicking gay masturbation mature (Sandy,Sylvia).avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\chinese bukkake voyeur titts pregnant (Sylvia).zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\blowjob [milf] redhair (Sonja,Samantha).mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\malaysia sperm sleeping hairy .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\malaysia lingerie [milf] bedroom .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\malaysia sperm several models wifey .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\british blowjob several models glans .mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\horse horse lesbian girly .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\swedish beastiality xxx catfight glans wifey (Sylvia).mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\bukkake several models swallow .avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\horse girls wifey .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\handjob gay [bangbus] .mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\danish cumshot xxx big .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\indian horse xxx sleeping cock stockings (Liz).avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\gang bang xxx public feet .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\kicking beast girls (Janette).zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bukkake hidden hole boots (Karin).avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\assembly\temp\beast masturbation titts .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black handjob bukkake public girly .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\bukkake [bangbus] sweet .avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian beastiality hardcore full movie .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\russian beastiality sperm masturbation bedroom .avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\swedish action beast girls swallow .mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\british gay hot (!) glans ejaculation (Sylvia).mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\british beast uncut hole (Anniston,Curtney).mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\gay sleeping .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\danish kicking horse full movie .avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\CbsTemp\swedish kicking lesbian public gorgeoushorny .avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\nude blowjob full movie mistress (Britney,Sarah).avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\gay sleeping feet .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\indian cumshot gay [milf] feet latex .avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\tyrkish kicking trambling sleeping beautyfull .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\british fucking voyeur cock YEâPSè& (Samantha).mpeg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\indian fetish lesbian licking cock gorgeoushorny .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\kicking gay voyeur titts mistress (Sarah).avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\swedish cumshot sperm uncut .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\lingerie catfight gorgeoushorny .mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\asian horse sleeping beautyfull .avi.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\xxx girls stockings .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\InputMethod\SHARED\danish cumshot sperm hidden (Sylvia).mpg.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\german horse [free] .zip.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\animal beast licking sweet .rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\cum lesbian [milf] cock latex (Jade).rar.exe	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2936	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2936	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
4880	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
4880	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3484	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3484	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2696	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2696	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3624	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3624	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2936	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2936	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3700	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3700	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
4068	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
4068	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
4880	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
4880	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3412	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3412	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
1492	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
1492	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
5024	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
5024	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3484	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3484	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
1044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
1044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2936	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2936	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2420	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2420	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2696	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
2696	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
5088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
5088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3624	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3624	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3752	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
3752	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 5044	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	86
PID 1088 wrote to memory of 5044	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	86
PID 1088 wrote to memory of 5044	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	86
PID 5044 wrote to memory of 2464	5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	90
PID 5044 wrote to memory of 2464	5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	90
PID 5044 wrote to memory of 2464	5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	90
PID 1088 wrote to memory of 2936	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	91
PID 1088 wrote to memory of 2936	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	91
PID 1088 wrote to memory of 2936	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	91
PID 5044 wrote to memory of 4880	5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	93
PID 5044 wrote to memory of 4880	5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	93
PID 5044 wrote to memory of 4880	5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	93
PID 1088 wrote to memory of 3484	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	94
PID 1088 wrote to memory of 3484	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	94
PID 1088 wrote to memory of 3484	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	94
PID 2464 wrote to memory of 2696	2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	95
PID 2464 wrote to memory of 2696	2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	95
PID 2464 wrote to memory of 2696	2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	95
PID 2936 wrote to memory of 3624	2936	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	96
PID 2936 wrote to memory of 3624	2936	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	96
PID 2936 wrote to memory of 3624	2936	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	96
PID 4880 wrote to memory of 3700	4880	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	98
PID 4880 wrote to memory of 3700	4880	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	98
PID 4880 wrote to memory of 3700	4880	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	98
PID 1088 wrote to memory of 4068	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	99
PID 1088 wrote to memory of 4068	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	99
PID 1088 wrote to memory of 4068	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	99
PID 5044 wrote to memory of 1492	5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	100
PID 5044 wrote to memory of 1492	5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	100
PID 5044 wrote to memory of 1492	5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	100
PID 2464 wrote to memory of 3412	2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	101
PID 2464 wrote to memory of 3412	2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	101
PID 2464 wrote to memory of 3412	2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	101
PID 3484 wrote to memory of 5024	3484	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	102
PID 3484 wrote to memory of 5024	3484	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	102
PID 3484 wrote to memory of 5024	3484	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	102
PID 2936 wrote to memory of 1044	2936	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	103
PID 2936 wrote to memory of 1044	2936	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	103
PID 2936 wrote to memory of 1044	2936	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	103
PID 2696 wrote to memory of 2420	2696	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	104
PID 2696 wrote to memory of 2420	2696	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	104
PID 2696 wrote to memory of 2420	2696	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	104
PID 3624 wrote to memory of 5088	3624	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	105
PID 3624 wrote to memory of 5088	3624	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	105
PID 3624 wrote to memory of 5088	3624	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	105
PID 3700 wrote to memory of 3752	3700	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	107
PID 3700 wrote to memory of 3752	3700	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	107
PID 3700 wrote to memory of 3752	3700	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	107
PID 4880 wrote to memory of 2716	4880	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	108
PID 4880 wrote to memory of 2716	4880	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	108
PID 4880 wrote to memory of 2716	4880	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	108
PID 1088 wrote to memory of 1736	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	110
PID 1088 wrote to memory of 1736	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	110
PID 1088 wrote to memory of 1736	1088	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	110
PID 2464 wrote to memory of 3928	2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	111
PID 2464 wrote to memory of 3928	2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	111
PID 2464 wrote to memory of 3928	2464	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	111
PID 5044 wrote to memory of 1804	5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	112
PID 5044 wrote to memory of 1804	5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	112
PID 5044 wrote to memory of 1804	5044	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	112
PID 4068 wrote to memory of 644	4068	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	113
PID 4068 wrote to memory of 644	4068	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	113
PID 4068 wrote to memory of 644	4068	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	113
PID 2936 wrote to memory of 2080	2936	b7e34a56856a40dd93dd608f871dfed0_NEAS.exe	114

C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5044
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        8⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:13836
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:13636
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:13828
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13476
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:14648
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:9832
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:10924
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:13060
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:15196
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:12572
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13684
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:12672
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:9920
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13392
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13752
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:12848
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13384
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13492
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:12500
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:9864
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13416
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13732
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13068
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:8520
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:10000
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:13628
- C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        7⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:13092
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13588
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13812
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:9944
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13408
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13660
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:12364
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:8504
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13612
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13540
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13500
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:12356
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:8612
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:9936
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:13716
- C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3484
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13724
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        6⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13644
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:9960
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13708
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13700
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13844
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13524
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:12968
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:8632
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:9928
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:13460
- C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4068
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:644
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:13852
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
        5⤵
        
        PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:10468
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13820
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13604
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:12468
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:8620
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:9952
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:13676
- C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
  2⤵
  PID:1736
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:540
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:13692
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
      "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
      4⤵
      PID:12348
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:9148
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:9856
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:13400
- C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
  2⤵
  PID:5376
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:10096
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:13652
- C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
  2⤵
  PID:6680
- - C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
    3⤵
    PID:12872
- C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
  2⤵
  PID:8596
- C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
  2⤵
  PID:9976
- C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\b7e34a56856a40dd93dd608f871dfed0_NEAS.exe"
  2⤵
  PID:13668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian nude sperm girls titts .avi.exe

Filesize
1.1MB

MD5
88870832fd0277b5448571435c77f1fc

SHA1
4be6d910fe2026d75a59e4cccffbafd1fecb2bec

SHA256
4b9797dc1dcf5bf469e017d75a8b7375ed18ddc87db4ac934b33214ccf7082f2

SHA512
523e0b3015ead752e041dd6ca68f3f5c1a825032eff2439426727d257c2fa6962ef52aa8dc9c9cd6f501e2d2237eefe287499702f659745688e394acdf6d9cfb

Download Submit
memory/644-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1088-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1384-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1736-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1804-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2080-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2356-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2420-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2696-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2716-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3308-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3412-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3416-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3700-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3752-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3928-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4048-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4068-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4196-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4724-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4792-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4880-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5088-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5156-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5168-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5252-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5272-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5280-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5304-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5368-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5384-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6136-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6164-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6176-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6208-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6276-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6300-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6352-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6360-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6404-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6468-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6472-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6648-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6656-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6664-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6672-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6704-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6712-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6720-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6744-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6836-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7000-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7028-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7036-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7128-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7424-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7440-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7452-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7460-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7536-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7544-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7552-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7560-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7620-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8040-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8520-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8540-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8548-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8572-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8580-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8588-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8604-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8612-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8620-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8632-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8696-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8984-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9184-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9200-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9824-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9840-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9856-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9864-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9888-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9896-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9912-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9920-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9928-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9952-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9960-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9976-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9984-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9992-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10000-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10008-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10016-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download