dde2aa1d9cdf8e8309a0e2eba082bb274ab39179d3e5df6b96c375bd769aa7ef

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
Size

1.2MB
MD5

b5cfef516ea88a5bf86a7cc9b7ed7630
SHA1

1b6c2f67429384389b35580665df840df95aa2dc
SHA256

dde2aa1d9cdf8e8309a0e2eba082bb274ab39179d3e5df6b96c375bd769aa7ef
SHA512

87dd24aad6bed707f74a312138514bd8d2c246c1bd01662445d6eb386579a6af89db73796adef0346dddafb3e1bd3829a91eb229f43c237925b9d1048d999f1e
SSDEEP

24576:oWLy16uYZou4zVE2/qJ3XvIPWa78npdgPlQrYfUHSoWtdtZXWMajIIivbV5:VLyP4Z4xENg+aQnHwYqUFWtdn8ER5

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\E:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\P:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\Y:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\Z:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\B:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\M:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\O:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\X:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\U:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\J:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\L:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\R:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\T:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\N:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\Q:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\S:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\V:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\G:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\H:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\I:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\K:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File opened (read-only)	\??\W:	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe

Drops file in Program Files directory 13 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\japanese fetish gay hidden .avi.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File created	C:\Program Files (x86)\Google\Temp\black nude trambling lesbian ejaculation .zip.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\brasilian cumshot xxx sleeping (Samantha).rar.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\trambling hot (!) hole .mpg.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\horse hidden .zip.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\american handjob sperm hidden lady .avi.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian cum hardcore voyeur .avi.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\gay [bangbus] feet leather (Janette).rar.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian gang bang hardcore hot (!) cock penetration .zip.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File created	C:\Program Files\DVD Maker\Shared\danish fetish xxx masturbation pregnant (Kathrin,Karin).zip.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\american animal hardcore girls latex (Kathrin,Jade).mpg.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\sperm full movie .rar.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
File created	C:\Program Files\Windows Journal\Templates\indian animal blowjob lesbian titts redhair (Karin).rar.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2640	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3036	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2548	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2524	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2636	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2536	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2644	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2544	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2004	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2548	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3036	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2640	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2996	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3012	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2984	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2636	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2524	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2548	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2640	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2644	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3036	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2536	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
1236	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
484	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2740	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2544	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2004	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2968	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
1096	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3000	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2756	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2764	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2872	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
320	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
320	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2524	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2524	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2996	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2996	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2636	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2636	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
1624	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
1624	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2324	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
2324	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3012	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3012	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
3012	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2284	2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	28
PID 2468 wrote to memory of 2284	2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	28
PID 2468 wrote to memory of 2284	2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	28
PID 2468 wrote to memory of 2284	2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	28
PID 2284 wrote to memory of 3040	2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	29
PID 2284 wrote to memory of 3040	2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	29
PID 2284 wrote to memory of 3040	2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	29
PID 2284 wrote to memory of 3040	2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	29
PID 2284 wrote to memory of 3036	2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	31
PID 2284 wrote to memory of 3036	2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	31
PID 2284 wrote to memory of 3036	2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	31
PID 2284 wrote to memory of 3036	2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	31
PID 2468 wrote to memory of 2640	2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	30
PID 2468 wrote to memory of 2640	2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	30
PID 2468 wrote to memory of 2640	2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	30
PID 2468 wrote to memory of 2640	2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	30
PID 3040 wrote to memory of 2548	3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	32
PID 3040 wrote to memory of 2548	3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	32
PID 3040 wrote to memory of 2548	3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	32
PID 3040 wrote to memory of 2548	3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	32
PID 2640 wrote to memory of 2636	2640	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	33
PID 2640 wrote to memory of 2636	2640	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	33
PID 2640 wrote to memory of 2636	2640	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	33
PID 2640 wrote to memory of 2636	2640	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	33
PID 2468 wrote to memory of 2524	2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	34
PID 2468 wrote to memory of 2524	2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	34
PID 2468 wrote to memory of 2524	2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	34
PID 2468 wrote to memory of 2524	2468	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	34
PID 2548 wrote to memory of 2536	2548	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	38
PID 2548 wrote to memory of 2536	2548	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	38
PID 2548 wrote to memory of 2536	2548	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	38
PID 2548 wrote to memory of 2536	2548	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	38
PID 3036 wrote to memory of 2544	3036	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	35
PID 3036 wrote to memory of 2544	3036	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	35
PID 3036 wrote to memory of 2544	3036	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	35
PID 3036 wrote to memory of 2544	3036	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	35
PID 2284 wrote to memory of 2644	2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	37
PID 2284 wrote to memory of 2644	2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	37
PID 2284 wrote to memory of 2644	2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	37
PID 2284 wrote to memory of 2644	2284	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	37
PID 3040 wrote to memory of 2004	3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	36
PID 3040 wrote to memory of 2004	3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	36
PID 3040 wrote to memory of 2004	3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	36
PID 3040 wrote to memory of 2004	3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	36
PID 3040 wrote to memory of 2996	3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	39
PID 3040 wrote to memory of 2996	3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	39
PID 3040 wrote to memory of 2996	3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	39
PID 3040 wrote to memory of 2996	3040	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	39
PID 2640 wrote to memory of 3012	2640	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	50
PID 2640 wrote to memory of 3012	2640	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	50
PID 2640 wrote to memory of 3012	2640	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	50
PID 2640 wrote to memory of 3012	2640	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	50
PID 2644 wrote to memory of 2984	2644	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	48
PID 2644 wrote to memory of 2984	2644	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	48
PID 2644 wrote to memory of 2984	2644	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	48
PID 2644 wrote to memory of 2984	2644	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	48
PID 2524 wrote to memory of 2968	2524	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	49
PID 2524 wrote to memory of 2968	2524	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	49
PID 2524 wrote to memory of 2968	2524	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	49
PID 2524 wrote to memory of 2968	2524	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	49
PID 2636 wrote to memory of 1236	2636	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	46
PID 2636 wrote to memory of 1236	2636	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	46
PID 2636 wrote to memory of 1236	2636	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	46
PID 2636 wrote to memory of 1236	2636	NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe	46

C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2284
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        9⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        9⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:18048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:17640
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:17992
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:18128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        9⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:18268
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:18188
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:18112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        9⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        9⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:17836
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:13764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:17828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:12532
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:18056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:17632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:17812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:18212
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:18236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18040
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:11260
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:17148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:17864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:18064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:17612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:18316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18284
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:18096
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:17820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:10868
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18032
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18276
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:10928
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:17756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:10772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:18300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:11116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:18008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:13688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:8852
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:4076
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:13680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:9112
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:10832
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:9244
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:7008
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:10816
- C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        8⤵
        
        PID:18292
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:18392
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:13748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:17672
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:18024
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:17132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:18172
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11148
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:18352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:17968
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:10900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:9308
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:11156
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:10784
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:8636
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:16968
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:12524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:9104
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:17804
- C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2524
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        7⤵
        
        PID:18104
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:17976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:3116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11368
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11836
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:10884
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:13740
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:13388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:11100
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:13664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:6132
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:8768
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:13756
- C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        6⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
        5⤵
        
        PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:5004
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:11080
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:9252
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:9196
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:18368
- C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
  2⤵
  PID:776
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:8796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:13716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:10756
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:8900
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:15536
- C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
  2⤵
  PID:3212
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
      4⤵
      PID:13396
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:6968
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:11072
- C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
  2⤵
  PID:4924
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:10824
- C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
  2⤵
  PID:6960
- - C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
    3⤵
    PID:17648
- C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.b5cfef516ea88a5bf86a7cc9b7ed7630.exe"
  2⤵
  PID:10892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\american handjob sperm hidden lady .avi.exe

Filesize
1.5MB

MD5
0b9df77d53ad00816729363db58aae0d

SHA1
87352f5b8583dbbd470aaa79e28eb63db0f16aa6

SHA256
85d0c6ca5c9c9bf931c78f33be9afd7166cda7512724d7a9a3376e0ed3f29469

SHA512
26a0d43c02d7deab17accc9fd8b0c01713d7a8fc675269ea0bfb088eb982b41efbec1d95ea06c26e2900853df9cb4a2a84610727a94e2c2ad742b98b0bbfcdbc

Download Submit