3d42fa4f10bd5d37c17f30c93b44ab5345cd55f8b513a8d6bf97f65861221305

Analysis

max time kernel
11s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
Size

921KB
MD5

7d5d7f34e4f5f3a59d785a4540149250
SHA1

1671f60e0d4b0f0d55a654df3a64b4b09cf98f8e
SHA256

3d42fa4f10bd5d37c17f30c93b44ab5345cd55f8b513a8d6bf97f65861221305
SHA512

350908dcb56a6fc61b5b96a291e1b88f6d46420963646e343b03ee854164bebaaf4011b49f7a941e332bc23351a7a914bde5abddbdcd8dd0f6195739f9547a5b
SSDEEP

24576:StHHsejxtoX/H8gDjeZXj67gP8tKY1Q+FdAl10EgW:gHsejxmvJGVZ8JNdGOEgW

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-356073083-3299209671-3108880702-1000\Control Panel\International\Geo\Nation	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
Key value queried	\REGISTRY\USER\S-1-5-21-356073083-3299209671-3108880702-1000\Control Panel\International\Geo\Nation	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 49 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1048-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/files/0x0008000000022db9-5.dat	upx
behavioral2/memory/4856-10-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1048-43-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2508-46-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3688-57-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3664-106-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2820-107-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1356-108-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4832-109-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4856-116-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1348-117-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2728-124-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2508-130-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1808-136-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4676-133-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3688-137-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3464-139-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/820-143-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3664-146-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4164-152-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2820-158-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/660-159-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1356-160-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/444-161-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1436-163-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4832-162-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2332-166-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3444-172-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5036-175-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2764-173-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1348-169-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2728-177-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1808-178-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/576-180-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1612-179-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1604-181-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4676-182-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1900-183-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2688-185-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2052-187-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3464-189-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1872-190-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4944-195-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1196-191-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2288-203-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1888-202-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3944-279-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1372-318-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\E:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\K:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\S:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\Q:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\T:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\U:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\B:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\I:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\J:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\N:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\P:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\V:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\Z:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\G:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\H:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\W:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\X:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\Y:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\L:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\M:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\O:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File opened (read-only)	\??\R:	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\american kicking lingerie hot (!) glans young .avi.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beast sleeping sweet .mpg.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files (x86)\Google\Temp\brasilian cum trambling catfight hole .zip.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese cum trambling [free] YEâPSè& .mpg.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\blowjob hot (!) boots .avi.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4144D4F1-B7D3-4764-B96B-1DD2F4562087}\EDGEMITMP_F9E5D.tmp\trambling big .mpg.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\tyrkish action sperm public (Sarah).mpeg.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian beastiality hardcore full movie cock fishy .rar.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\beastiality xxx uncut balls .zip.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\swedish cumshot xxx licking shoes (Jenna,Janette).mpg.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore sleeping sm .avi.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files\Microsoft Office\root\Templates\trambling uncut boots .avi.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\trambling big (Liz).zip.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black handjob beast lesbian traffic .rar.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\gay [milf] hairy .mpeg.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese cumshot xxx public glans sm (Melissa).zip.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\lingerie hot (!) (Sarah).rar.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
File created	C:\Program Files (x86)\Microsoft\Temp\gay several models high heels .mpeg.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1048	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
1048	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
4856	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
4856	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
1048	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
1048	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
2508	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
2508	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
1048	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 4856	1048	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe	86
PID 1048 wrote to memory of 4856	1048	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe	86
PID 1048 wrote to memory of 4856	1048	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe	86
PID 1048 wrote to memory of 2508	1048	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe	87
PID 1048 wrote to memory of 2508	1048	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe	87
PID 1048 wrote to memory of 2508	1048	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe	87
PID 4856 wrote to memory of 3688	4856	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe	88
PID 4856 wrote to memory of 3688	4856	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe	88
PID 4856 wrote to memory of 3688	4856	NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe	88

C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4856
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        7⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        7⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        7⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:10704
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:8800
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:1288
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:9544
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:4236
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:9924
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:4804
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:8120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:10772
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:9520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:11348
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:7960
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:10728
- C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        6⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:10712
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:9312
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:10696
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:9504
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:11396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:5764
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:11584
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:7936
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:10400
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:396
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:11592
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:9404
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:6916
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:8252
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:8272
- C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
  2⤵
  PID:3664
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:9352
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:9436
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:8528
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:8328
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:576
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:10720
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:11356
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:9320
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:6800
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:8112
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:3584
- C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
  2⤵
  PID:1348
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:9488
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
        5⤵
        
        PID:11412
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:5780
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:9360
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:9536
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:6756
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:8128
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:2612
- C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
  2⤵
  PID:444
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:8768
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
      4⤵
      PID:12144
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:8096
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:10992
- C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
  2⤵
  PID:2052
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:6808
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:8236
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:1332
- C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
  2⤵
  PID:5216
- - C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
    3⤵
    PID:8880
- C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
  2⤵
  PID:6428
- C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
  2⤵
  PID:8088
- C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.7d5d7f34e4f5f3a59d785a4540149250.exe"
  2⤵
  PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black handjob beast lesbian traffic .rar.exe

Filesize
903KB

MD5
69f4ca6690d4d622547aa24a7eb342d4

SHA1
4a09ff07a34c9d7c967cb0ca25bbe528489814e2

SHA256
6a8d43cc642aeac15ca153c0d47f5f8ba08d488725076d08e01912daa8e00e96

SHA512
908ad24514f975a6e851a36a75407c73e61c39f278a55f2fce8a2d6f2a2287da326c7500aa4528b2d45e6856d2c50845346f38120b7a2c118727501b53189100

Download Submit
memory/444-161-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/576-180-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/660-159-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/820-143-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1048-43-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1048-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1196-191-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1348-169-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1348-117-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1356-108-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1356-160-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1372-318-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1436-163-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1604-181-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1612-179-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1808-136-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1808-178-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1872-190-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1888-202-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1900-183-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2052-187-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2288-203-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2332-166-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2508-46-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2508-130-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2688-185-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2728-124-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2728-177-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2764-173-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2820-158-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2820-107-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3444-172-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3464-189-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3464-139-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3664-106-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3664-146-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3688-57-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3688-137-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3944-279-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4164-152-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4676-182-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4676-133-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4832-109-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4832-162-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4856-116-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4856-10-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4944-195-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5036-175-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download