08aa02144c8b48aa7b1f94a3508472f3281b5bbb908cab49596f8ed9c3d20000

Analysis

max time kernel
27s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2023 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
Size

1.2MB
MD5

4d91c02d2852b989865a35bf7548d7e0
SHA1

0b44e7553b7cb97cb0ebd9713bc8c131db3aae84
SHA256

08aa02144c8b48aa7b1f94a3508472f3281b5bbb908cab49596f8ed9c3d20000
SHA512

d6e4525aa62ac88a869265846e738f8681df3f93636109c3b6bd6f19f9bf85e2bcd74c238a889cdf09a77a0abc67ec5ffc971c89e7c386e7a07ce02bdd75c3b3
SSDEEP

24576:oWDvFI0+yQUVB7ppk7dH8RwVI/TOFowVitm3VvKAk:VLF33pWRGwiLOFT6Cl6

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\I:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\K:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\N:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\T:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\X:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\J:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\O:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\Q:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\R:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\Y:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\P:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\V:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\W:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\A:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\B:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\E:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\H:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\L:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\M:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\S:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\U:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File opened (read-only)	\??\Z:	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\indian nude xxx hot (!) hole (Anniston,Sylvia).rar.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\danish porn bukkake [milf] .mpg.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files (x86)\Google\Update\Download\american action gay several models beautyfull .avi.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse hot (!) .avi.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lingerie licking (Melissa).mpeg.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files\Microsoft Office\root\Templates\russian nude xxx hidden blondie .rar.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\xxx sleeping (Samantha).mpeg.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish horse bukkake [milf] feet stockings .rar.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files (x86)\Google\Temp\japanese cum lingerie girls cock mature .zip.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files (x86)\Microsoft\Temp\danish animal hardcore public titts black hairunshaved (Curtney).avi.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black kicking blowjob masturbation upskirt .rar.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black gang bang beast hot (!) (Sylvia).rar.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\fucking voyeur titts hairy .rar.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\sperm lesbian granny (Christine,Karin).avi.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\danish horse lesbian [milf] .mpeg.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\danish horse fucking hot (!) (Sarah).mpg.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\french hardcore hidden boots .mpg.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
3408	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
3408	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
3960	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
3960	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
4576	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
4576	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
3408	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
3408	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
4888	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
4888	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
2784	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
2784	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
3960	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
3960	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 3408	1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	81
PID 1172 wrote to memory of 3408	1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	81
PID 1172 wrote to memory of 3408	1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	81
PID 1172 wrote to memory of 3960	1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	82
PID 1172 wrote to memory of 3960	1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	82
PID 1172 wrote to memory of 3960	1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	82
PID 3408 wrote to memory of 4576	3408	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	83
PID 3408 wrote to memory of 4576	3408	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	83
PID 3408 wrote to memory of 4576	3408	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	83
PID 1172 wrote to memory of 4888	1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	85
PID 1172 wrote to memory of 4888	1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	85
PID 1172 wrote to memory of 4888	1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	85
PID 3960 wrote to memory of 2784	3960	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	86
PID 3960 wrote to memory of 2784	3960	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	86
PID 3960 wrote to memory of 2784	3960	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	86
PID 3408 wrote to memory of 772	3408	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	87
PID 3408 wrote to memory of 772	3408	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	87
PID 3408 wrote to memory of 772	3408	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	87
PID 4576 wrote to memory of 4272	4576	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	88
PID 4576 wrote to memory of 4272	4576	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	88
PID 4576 wrote to memory of 4272	4576	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	88
PID 1172 wrote to memory of 1964	1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	91
PID 1172 wrote to memory of 1964	1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	91
PID 1172 wrote to memory of 1964	1172	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	91
PID 4888 wrote to memory of 1052	4888	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	89
PID 4888 wrote to memory of 1052	4888	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	89
PID 4888 wrote to memory of 1052	4888	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	89
PID 3960 wrote to memory of 3676	3960	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	90
PID 3960 wrote to memory of 3676	3960	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	90
PID 3960 wrote to memory of 3676	3960	NEAS.4d91c02d2852b989865a35bf7548d7e0.exe	90

C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3408
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        8⤵
        
        PID:18804
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:17040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:17000
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:18796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:17164
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:18416
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:16856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        7⤵
        
        PID:18788
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:17016
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:18696
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:17032
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:18628
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:18680
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12584
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:16832
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12576
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:8016
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:17172
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:18608
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:16968
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:16816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12608
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:17148
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:17056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:16824
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:8032
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:17080
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:5848
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:7040
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:7740
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:12664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:17064
- C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3960
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:16960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:18636
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:18664
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:14216
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:17104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:8388
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12816
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:16864
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:16792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:18688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12480
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:17008
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:16848
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:16912
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7976
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7636
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:5764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:6844
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:7608
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:8300
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:12776
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:17120
- C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4888
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:16840
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:732
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        6⤵
        
        PID:18656
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:17156
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:11172
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:16424
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:16872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:2084
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12792
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:16880
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:5772
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:6808
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:7676
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:8352
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:12856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:14212
- C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
  2⤵
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:12864
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
        5⤵
        
        PID:16904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:16992
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:8964
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12900
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:14232
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:5828
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:6968
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:7764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:12656
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:17088
- C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
  2⤵
  PID:5068
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:7904
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
      4⤵
      PID:18672
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:6716
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:7592
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:8288
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:12872
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:17048
- C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
  2⤵
  PID:1944
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:6516
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:7520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:8212
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:12736
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:16944
- C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
  2⤵
  PID:5744
- C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
  2⤵
  PID:6748
- - C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
    3⤵
    PID:18620
- C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
  2⤵
  PID:7620
- C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
  2⤵
  PID:8316
- C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
  2⤵
  PID:12768
- C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.4d91c02d2852b989865a35bf7548d7e0.exe"
  2⤵
  PID:17112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black gang bang beast hot (!) (Sylvia).rar.exe

Filesize
1.4MB

MD5
4ceb5750e3df8fd341e6aae05b4bcab1

SHA1
7cc68da1cb7893cb734d95187d31291020448bb7

SHA256
0c85f96adb6822ead0a8d4fde74583cf8743b278ff1a80a2b47f0a744f56fa56

SHA512
01f7dc3dcac65592d07147c1d43276b6603d398d01fc265116553c554f65694b75a3fa5c72ab209d0fbf14aa95484704d00c63080ab88ad6bfbffb3295ee8d2e

Download Submit